From 6300c6023f49dae4d76dd050d3aac167b7a0b7e4 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Thu, 20 Jan 2022 12:05:11 +0100 Subject: [PATCH] Bug 29915: Don't generate a new session ID for anonymous navigation When a user is not logged in, a new session ID is generated every time a new page is hit. Signed-off-by: Marcel de Rooy Signed-off-by: Nick Clemens Signed-off-by: Martin Renvoize Signed-off-by: Fridolin Somers --- C4/Auth.pm | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index 872d5b5365..e02bf95d9e 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -929,14 +929,11 @@ sub checkauth { -secure => ( C4::Context->https_enabled() ? 1 : 0 ), ); - my $sessiontype = $session->param('sessiontype') || ''; - unless ( $sessiontype && $sessiontype eq 'anon' ) { #if this is an anonymous session, we want to update the session, but not behave as if they are logged in... - $flags = haspermission( $userid, $flagsrequired ); - if ($flags) { - $loggedin = 1; - } else { - $info{'nopermission'} = 1; - } + $flags = haspermission( $userid, $flagsrequired ); + if ($flags) { + $loggedin = 1; + } else { + $info{'nopermission'} = 1; } } } elsif ( !$logout ) { @@ -957,7 +954,7 @@ sub checkauth { unless ( $userid ) { #we initiate a session prior to checking for a username to allow for anonymous sessions... - my $session = get_session("") or die "Auth ERROR: Cannot get_session()"; + $session ||= get_session("") or die "Auth ERROR: Cannot get_session()"; # Save anonymous search history in new session so it can be retrieved # by get_template_and_user to store it in user's search history after -- 2.39.5