summaryrefslogtreecommitdiffstats
path: root/Bugzilla/Auth
diff options
context:
space:
mode:
Diffstat (limited to 'Bugzilla/Auth')
-rw-r--r--Bugzilla/Auth/Persist/Cookie.pm9
1 files changed, 9 insertions, 0 deletions
diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm
index 9098f8989..420bad16b 100644
--- a/Bugzilla/Auth/Persist/Cookie.pm
+++ b/Bugzilla/Auth/Persist/Cookie.pm
@@ -60,6 +60,8 @@ sub persist_login {
# subsequent login
trick_taint($ip_addr);
+ $dbh->bz_start_transaction();
+
my $login_cookie =
Bugzilla::Token::GenerateUniqueToken('logincookies', 'cookie');
@@ -67,6 +69,13 @@ sub persist_login {
VALUES (?, ?, ?, NOW())",
undef, $login_cookie, $user->id, $ip_addr);
+ # Issuing a new cookie is a good time to clean up the old
+ # cookies.
+ $dbh->do("DELETE FROM logincookies WHERE lastused < LOCALTIMESTAMP(0) - "
+ . $dbh->sql_interval(MAX_LOGINCOOKIE_AGE, 'DAY'));
+
+ $dbh->bz_commit_transaction();
+
# Prevent JavaScript from accessing login cookies.
my %cookieargs = ('-httponly' => 1);
generated by cgit v1.2.3-24-g4f1b (git 2.32.0) at 2024-05-12 19:38:41 +0200