Nur dann Cookie setzen, wenn eine Session-ID vorhanden ist

[kivitendo-erp.git] / SL / Form.pm

diff --git a/SL/Form.pm b/SL/Form.pm
index dc0316841c699916acc4cb129a4b3d04ad5d97dc..6785c3ace1ba71284aabaab7ff799dddb016e49c 100644 (file)
--- a/SL/Form.pm
+++ b/SL/Form.pm
@@ -594,20 +594,21 @@ sub create_http_response {
     pop @segments;
     $uri->path_segments(@segments);
 
-    my $session_cookie_value   = $main::auth->get_session_id();
-    $session_cookie_value    ||= 'NO_SESSION';
+    my $session_cookie_value = $main::auth->get_session_id();
 
-    $session_cookie = $cgi->cookie('-name'   => $main::auth->get_session_cookie_name(),
-                                   '-value'  => $session_cookie_value,
-                                   '-path'   => $uri->path,
-                                   '-secure' => $ENV{HTTPS});
+    if ($session_cookie_value) {
+      $session_cookie = $cgi->cookie('-name'   => $main::auth->get_session_cookie_name(),
+                                     '-value'  => $session_cookie_value,
+                                     '-path'   => $uri->path,
+                                     '-secure' => $ENV{HTTPS});
+    }
   }
 
   my %cgi_params = ('-type' => $params{content_type});
   $cgi_params{'-charset'} = $params{charset} if ($params{charset});
+  $cgi_params{'-cookie'}  = $session_cookie  if ($session_cookie);
 
-  my $output = $cgi->header('-cookie' => $session_cookie,
-                            %cgi_params);
+  my $output = $cgi->header(%cgi_params);
 
   $main::lxdebug->leave_sub();