diff options
author | Max Kanat-Alexander <mkanat@bugzilla.org> | 2010-11-15 08:36:39 +0100 |
---|---|---|
committer | Max Kanat-Alexander <mkanat@bugzilla.org> | 2010-11-15 08:36:39 +0100 |
commit | a7a37db9a4c21ff345a91492631b43d5feff8e39 (patch) | |
tree | 4633eea21db1046100a48f79645af1b05b4b5bba /Bugzilla/Auth.pm | |
parent | 41c2692f2c83f2e96f396fb9055c8f321f363a6d (diff) | |
download | bugzilla-a7a37db9a4c21ff345a91492631b43d5feff8e39.tar.gz bugzilla-a7a37db9a4c21ff345a91492631b43d5feff8e39.tar.xz |
Bug 611891: Don't generate cookies for logins done over GET via the WebService
r=glob, a=mkanat
Diffstat (limited to 'Bugzilla/Auth.pm')
-rw-r--r-- | Bugzilla/Auth.pm | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm index e3f838b39..782953878 100644 --- a/Bugzilla/Auth.pm +++ b/Bugzilla/Auth.pm @@ -146,7 +146,12 @@ sub _handle_login_result { my $fail_code = $result->{failure}; if (!$fail_code) { - if ($self->{_info_getter}->{successful}->requires_persistence) { + # We don't persist logins over GET requests in the WebService, + # because the persistance information can't be re-used again. + # (See Bugzilla::WebService::Server::JSONRPC for more info.) + if ($self->{_info_getter}->{successful}->requires_persistence + and !Bugzilla->request_cache->{auth_no_automatic_login}) + { $self->{_persister}->persist_login($user); } } |