Bug 611891: Don't generate cookies for logins done over GET via the WebService

r=glob, a=mkanat

Bug 611891: Don't generate cookies for logins done over GET via the WebService
a7a37db9 · Max Kanat-Alexander · 41c2692f · a7a37db9
Commit a7a37db9 authored Nov 14, 2010 by Max Kanat-Alexander
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 1 deletion

Auth.pm Bugzilla/Auth.pm +6 -1

No files found.
--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -146,7 +146,12 @@ sub _handle_login_result {
    my $fail_code = $result->{failure};

    if (!$fail_code) {
-        if ($self->{_info_getter}->{successful}->requires_persistence) {
+        # We don't persist logins over GET requests in the WebService,
+        # because the persistance information can't be re-used again.
+        # (See Bugzilla::WebService::Server::JSONRPC for more info.)
+        if ($self->{_info_getter}->{successful}->requires_persistence
+            and !Bugzilla->request_cache->{auth_no_automatic_login}) 
+        {
            $self->{_persister}->persist_login($user);
        }
    }