diff options
Diffstat (limited to 'Bugzilla/Auth/Persist/Cookie.pm')
-rw-r--r-- | Bugzilla/Auth/Persist/Cookie.pm | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm index 9098f8989..420bad16b 100644 --- a/Bugzilla/Auth/Persist/Cookie.pm +++ b/Bugzilla/Auth/Persist/Cookie.pm @@ -60,6 +60,8 @@ sub persist_login { # subsequent login trick_taint($ip_addr); + $dbh->bz_start_transaction(); + my $login_cookie = Bugzilla::Token::GenerateUniqueToken('logincookies', 'cookie'); @@ -67,6 +69,13 @@ sub persist_login { VALUES (?, ?, ?, NOW())", undef, $login_cookie, $user->id, $ip_addr); + # Issuing a new cookie is a good time to clean up the old + # cookies. + $dbh->do("DELETE FROM logincookies WHERE lastused < LOCALTIMESTAMP(0) - " + . $dbh->sql_interval(MAX_LOGINCOOKIE_AGE, 'DAY')); + + $dbh->bz_commit_transaction(); + # Prevent JavaScript from accessing login cookies. my %cookieargs = ('-httponly' => 1); |