summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
authorByron Jones <glob@mozilla.com>2015-08-21 06:02:59 +0200
committerByron Jones <glob@mozilla.com>2015-08-21 06:02:59 +0200
commitca9691331fb19542477b6205024921388321829b (patch)
treee36c885b8675c4aea7a7e1d9850eb4edc97c8b9c /Bugzilla
parent667ecc34ee8336e97fba1229e7b520bf42293860 (diff)
downloadbugzilla-ca9691331fb19542477b6205024921388321829b.tar.gz
bugzilla-ca9691331fb19542477b6205024921388321829b.tar.xz
Bug 1195645 - don't create a new session for every authenticated REST/BzAPI call
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Auth.pm7
-rw-r--r--Bugzilla/WebService/Server/REST.pm7
2 files changed, 12 insertions, 2 deletions
diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm
index 6583d4e8b..88eadbe19 100644
--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -172,8 +172,11 @@ sub _handle_login_result {
# because the persistance information can't be re-used again.
# (See Bugzilla::WebService::Server::JSONRPC for more info.)
if ($self->{_info_getter}->{successful}->requires_persistence
- and !Bugzilla->request_cache->{auth_no_automatic_login})
- {
+ and !(
+ Bugzilla->request_cache->{auth_no_automatic_login}
+ || Bugzilla->request_cache->{dont_persist_session}
+ )
+ ) {
$user->{_login_token} = $self->{_persister}->persist_login($user);
}
}
diff --git a/Bugzilla/WebService/Server/REST.pm b/Bugzilla/WebService/Server/REST.pm
index 858375247..d94fb1d81 100644
--- a/Bugzilla/WebService/Server/REST.pm
+++ b/Bugzilla/WebService/Server/REST.pm
@@ -189,6 +189,13 @@ sub handle_login {
my $full_method = $class . "." . $method;
$full_method =~ s/^Bugzilla::WebService:://;
+ # We never want to create a new session unless the user is calling the
+ # login method. Setting dont_persist_session makes
+ # Bugzilla::Auth::_handle_login_result() skip calling persist_login().
+ if ($full_method ne 'User.login') {
+ Bugzilla->request_cache->{dont_persist_session} = 1;
+ }
+
# Bypass JSONRPC::handle_login
Bugzilla::WebService::Server->handle_login($class, $method, $full_method);
}