author | bbaetz%student.usyd.edu.au <> | 2002-02-04 21:23:04 +0100 |
---|---|---|
committer | bbaetz%student.usyd.edu.au <> | 2002-02-04 21:23:04 +0100 |
commit | 788e94b41f8124a05c6f25bf3084fcdaa36f4d63 (patch) | |
tree | e7313868133ce351cc5719c3da5da944ee2a6515 /relogin.cgi | |
parent | 7398c1d65281cf04584652f3b854dc5e9d471175 (diff) | |
download | bugzilla-788e94b41f8124a05c6f25bf3084fcdaa36f4d63.tar.gz bugzilla-788e94b41f8124a05c6f25bf3084fcdaa36f4d63.tar.xz |
Bug 95732 - remove logincookies.cryptpassword, and invalidate cookies from
the db when required instead.
(Also fixes bug 58242 as a side effect)
r=myk, kiko
Diffstat (limited to 'relogin.cgi')
-rwxr-xr-x | relogin.cgi | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/relogin.cgi b/relogin.cgi index 091a96e8d..a0ec4f105 100755 --- a/relogin.cgi +++ b/relogin.cgi @@ -29,6 +29,25 @@ use lib qw(.); require "CGI.pl"; +# We don't want to remove a random logincookie from the db, so +# call quietly_check_login. If we're logged in after this, then +# the logincookie must be correct + +ConnectToDatabase(); +quietly_check_login(); + +if ($::userid) { + # Even though we know the userid must match, we still check it in the + # SQL as a sanity check, since there is no locking here, and if + # the user logged out from two machines simulataniously, while someone + # else logged in and got the same cookie, we could be logging the + # other user out here. Yes, this is very very very unlikely, but why + # take chances? - bbaetz + SendSQL("DELETE FROM logincookies WHERE cookie = " . + SqlQuote($::COOKIE{"Bugzilla_logincookie"}) . + "AND userid = $::userid"); +} + my $cookiepath = Param("cookiepath"); print "Set-Cookie: Bugzilla_login= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT Set-Cookie: Bugzilla_logincookie= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT |
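Review bot: The DELETE statement added to relogin.cgi is missing a space before AND. The literal "AND userid = $::userid" is concatenated directly onto the result of SqlQuote($::COOKIE{"Bugzilla_logincookie"}), so the generated SQL only parses if the quoted cookie value ends in a character the server accepts immediately before the keyword. Start the literal with a space, " AND userid = $::userid", so the statement does not depend on that. In the same statement, $::userid is interpolated unquoted while the cookie value goes through SqlQuote, so the query relies on quietly_check_login having set it to a trusted value; either say so in the comment or pass it through the same quoting. The comment block also misspells "simultaneously" as "simulataniously".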