From 919d0d4c02a35686083aa11351d092df4d348417 Mon Sep 17 00:00:00 2001
From: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Date: Tue, 20 Feb 2024 14:01:04 +0100
Subject: [PATCH] Bug 36102: Generate a new sessionID if the existing one is
 invalid

If the cookie contain an expired sessionID we need to create another
one to correctly generate the CSRF token.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
---
 C4/InstallAuth.pm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/C4/InstallAuth.pm b/C4/InstallAuth.pm
index 6730e94383..7a01e4829b 100644
--- a/C4/InstallAuth.pm
+++ b/C4/InstallAuth.pm
@@ -392,6 +392,10 @@ sub checkauth {
                 $template->param( 'invalid_username_or_password' => $info{'invalid_username_or_password'});
     }
 
+    unless ( $sessionID ) {
+        my $session = Koha::Session->get_session( { storage_method => 'file' } );
+        $sessionID = $session->id;
+    }
     $template->param(
         %info,
         sessionID => $sessionID,
-- 
2.39.5