-rw-r--r-- | Bugzilla/Auth.pm | 7 | ||||
-rw-r--r-- | Bugzilla/WebService/Server/REST.pm | 7 |
2 files changed, 12 insertions, 2 deletions
diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm
index 6583d4e8b..88eadbe19 100644
--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -172,8 +172,11 @@ sub _handle_login_result {
 # because the persistance information can't be re-used again.
 # (See Bugzilla::WebService::Server::JSONRPC for more info.)
 if ($self->{_info_getter}->{successful}->requires_persistence
- and !Bugzilla->request_cache->{auth_no_automatic_login})
- {
+ and !(
+ Bugzilla->request_cache->{auth_no_automatic_login}
+ || Bugzilla->request_cache->{dont_persist_session}
+ )
+ ) {
 $user->{_login_token} = $self->{_persister}->persist_login($user);
 }
 }
diff --git a/Bugzilla/WebService/Server/REST.pm b/Bugzilla/WebService/Server/REST.pm
index 858375247..d94fb1d81 100644
--- a/Bugzilla/WebService/Server/REST.pm
+++ b/Bugzilla/WebService/Server/REST.pm
@@ -189,6 +189,13 @@ sub handle_login {
 my $full_method = $class . "." . $method;
 $full_method =~ s/^Bugzilla::WebService:://;
+ # We never want to create a new session unless the user is calling the
+ # login method. Setting dont_persist_session makes
+ # Bugzilla::Auth::_handle_login_result() skip calling persist_login().
+ if ($full_method ne 'User.login') {
+ Bugzilla->request_cache->{dont_persist_session} = 1;
+ }
+
 # Bypass JSONRPC::handle_login
 Bugzilla::WebService::Server->handle_login($class, $method, $full_method);
 }
|
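Review bot: The comment above the rewritten condition in `_handle_login_result` still explains only `auth_no_automatic_login`, so the new `dont_persist_session` term is unexplained at the place where it takes effect. A line such as `# dont_persist_session is set by Bugzilla::WebService::Server::REST::handle_login for every method except User.login, so per-request authentication does not mint a login token.` would close that gap. Because the flag is an opt-out read from the request cache, any entry point that authenticates without setting it keeps calling `persist_login()`; the other WebService servers are not visible in this diff, so it is worth confirming whether they need the same treatment. The body of `_handle_login_result` starts and ends outside the hunk.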
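Review bot: The exemption in `handle_login` rests on an exact string comparison, `$full_method ne 'User.login'`, made after the `Bugzilla::WebService::` prefix is stripped, and nothing in the change pins that behaviour. A regression test would help: an authenticated REST call to a non-login method must not produce a login token, while `User.login` must still return one. That would catch a silent return to session creation if method naming or routing changes. The flag is set in `Bugzilla->request_cache` and never cleared here, so the change relies on that cache being reset for every request; this is presumably the case, but it should be confirmed for persistent interpreters. The start of `handle_login` is outside the hunk.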