diff options
| author | kiko%async.com.br <> | 2003-11-27 10:00:59 +0100 |
|---|---|---|
| committer | kiko%async.com.br <> | 2003-11-27 10:00:59 +0100 |
| commit | cfc22fd3235fd19566152ed9eb4280f58f9926c6 (patch) | |
| tree | a9d44b213ee57e61444bd5f1c47314502f927c54 /Bugzilla | |
| parent | 44a7b4d9294e1bffff4362fdf4075059b03eb95a (diff) | |
| download | bugzilla-cfc22fd3235fd19566152ed9eb4280f58f9926c6.tar.gz bugzilla-cfc22fd3235fd19566152ed9eb4280f58f9926c6.tar.xz | |
Bug 226324: Move relogin.cgi code to Bugzilla::Auth::CGI. Provide a
logout() method that is proxied through Bugzilla.pm's logout(), and fix
callers to use it. r=justdave, bbaetz, a=justdave
Diffstat (limited to 'Bugzilla')
| -rw-r--r-- | Bugzilla/Auth/CGI.pm | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/Bugzilla/Auth/CGI.pm b/Bugzilla/Auth/CGI.pm index e223c9fee..afbf98b27 100644 --- a/Bugzilla/Auth/CGI.pm +++ b/Bugzilla/Auth/CGI.pm @@ -177,6 +177,28 @@ sub login { } +sub logout { + my ($class, $user) = @_; + + if ($user) { + # Even though we know the userid must match, we still check it in the + # SQL as a sanity check, since there is no locking here, and if + # the user logged out from two machines simulataniously, while someone + # else logged in and got the same cookie, we could be logging the + # other user out here. Yes, this is very very very unlikely, but why + # take chances? - bbaetz + my $dbh = Bugzilla->dbh; + $dbh->do("DELETE FROM logincookies WHERE cookie = ? AND userid = ?", + undef, $::COOKIE{"Bugzilla_logincookie"}, $user->id); + } + + my $cgi = Bugzilla->cgi; + $cgi->send_cookie(-name => "Bugzilla_login", + -expires => "Tue, 15-Sep-1998 21:49:00 GMT"); + $cgi->send_cookie(-name => "Bugzilla_logincookie", + -expires => "Tue, 15-Sep-1998 21:49:00 GMT"); +} + 1; __END__ @@ -188,7 +210,7 @@ Bugzilla::Auth::CGI - CGI-based logins for Bugzilla =head1 SUMMARY This is a L<login module|Bugzilla::Auth/"LOGIN"> for Bugzilla. Users connecting -from a CGI script use this module to authenticate. +from a CGI script use this module to authenticate. Logouts are also handled here. =head1 BEHAVIOUR @@ -198,6 +220,9 @@ using the CGI parameters I<Bugzilla_login> and I<Bugzilla_password>. If no data is present for that, then cookies are tried, using L<Bugzilla::Auth::Cookie>. +When a logout is performed, we take care of removing the relevant +logincookie database entry and effectively deleting the client cookie. + =head1 SEE ALSO L<Bugzilla::Auth> |