From: Moritz Bunkus Date: Thu, 30 Dec 2010 15:11:53 +0000 (+0100) Subject: Nur dann Cookie setzen, wenn eine Session-ID vorhanden ist X-Git-Tag: release-2.6.2beta1~17^2~5 X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=a97ebf45a374c126b9b5960c08d07bb4cbedfc4c;p=kivitendo-erp.git Nur dann Cookie setzen, wenn eine Session-ID vorhanden ist Andernfalls wird bei einigen Fehlern (z.B. "action not defined") das Cookie auf 'NO_SESSION' zurückgesetzt, weil in dem Moment die Session noch nicht wiederhergestellt wurde. Erschwert die Entwicklung ungemein. --- diff --git a/SL/Auth.pm b/SL/Auth.pm index a11fbafb0..2bd2d09c0 100644 --- a/SL/Auth.pm +++ b/SL/Auth.pm @@ -489,7 +489,7 @@ sub restore_session { if (!$cookie || $cookie->{is_expired} || ($cookie->{ip_address} ne $ENV{REMOTE_ADDR})) { $self->destroy_session(); $main::lxdebug->leave_sub(); - return SESSION_EXPIRED; + return $cookie ? SESSION_EXPIRED : SESSION_NONE; } $query = qq|SELECT sess_key, sess_value FROM auth.session_content WHERE session_id = ?|; diff --git a/SL/Form.pm b/SL/Form.pm index dc0316841..6785c3ace 100644 --- a/SL/Form.pm +++ b/SL/Form.pm @@ -594,20 +594,21 @@ sub create_http_response { pop @segments; $uri->path_segments(@segments); - my $session_cookie_value = $main::auth->get_session_id(); - $session_cookie_value ||= 'NO_SESSION'; + my $session_cookie_value = $main::auth->get_session_id(); - $session_cookie = $cgi->cookie('-name' => $main::auth->get_session_cookie_name(), - '-value' => $session_cookie_value, - '-path' => $uri->path, - '-secure' => $ENV{HTTPS}); + if ($session_cookie_value) { + $session_cookie = $cgi->cookie('-name' => $main::auth->get_session_cookie_name(), + '-value' => $session_cookie_value, + '-path' => $uri->path, + '-secure' => $ENV{HTTPS}); + } } my %cgi_params = ('-type' => $params{content_type}); $cgi_params{'-charset'} = $params{charset} if ($params{charset}); + $cgi_params{'-cookie'} = $session_cookie if ($session_cookie); - my $output = $cgi->header('-cookie' => $session_cookie, - %cgi_params); + my $output = $cgi->header(%cgi_params); $main::lxdebug->leave_sub();