From 461426f7502bfb8104470eb2a7d4194c19958893 Mon Sep 17 00:00:00 2001 From: Matthias Meusburger Date: Wed, 4 Mar 2015 16:18:23 +0100 Subject: [PATCH] Bug 12887: User logged out on refresh after CAS authentication If the user is already logged-in, do not trigger CAS authentication even if there is a ticket in the parameters. 1) Authenticate to the OPAC through CAS. 2) Once redirected to your account, hit F5 or the refresh button of your browser. 3) You're logged out. Signed-off-by: Koha Team Lyon 3 Signed-off-by: Luce Barbey Signed-off-by: Katrin Fischer Added sign of lines according to bug. Works as described, small change. Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 0c6ba2d0c4dde4237de9bcd3995254a4387b1fbe) Signed-off-by: Chris Cormack --- C4/Auth.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index 601047d1d4..3e5fe829b9 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -769,7 +769,7 @@ sub checkauth { $sessiontype = $session->param('sessiontype') || ''; } if ( ( $query->param('koha_login_context') && ( $q_userid ne $s_userid ) ) - || ( $cas && $query->param('ticket') ) || ( $shib && $shib_login && !$logout ) ) { + || ( $cas && $query->param('ticket') && !C4::Context->userenv->{'id'} ) || ( $shib && $shib_login && !$logout ) ) { #if a user enters an id ne to the id in the current session, we need to log them in... #first we need to clear the anonymous session... -- 2.39.5