From ca9691331fb19542477b6205024921388321829b Mon Sep 17 00:00:00 2001
From: Byron Jones <glob@mozilla.com>
Date: Fri, 21 Aug 2015 12:02:59 +0800
Subject: Bug 1195645 - don't create a new session for every authenticated
 REST/BzAPI call

---
 Bugzilla/Auth.pm                   | 7 +++++--
 Bugzilla/WebService/Server/REST.pm | 7 +++++++
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm
index 6583d4e8b..88eadbe19 100644
--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -172,8 +172,11 @@ sub _handle_login_result {
         # because the persistance information can't be re-used again.
         # (See Bugzilla::WebService::Server::JSONRPC for more info.)
         if ($self->{_info_getter}->{successful}->requires_persistence
-            and !Bugzilla->request_cache->{auth_no_automatic_login}) 
-        {
+            and !(
+                Bugzilla->request_cache->{auth_no_automatic_login}
+                || Bugzilla->request_cache->{dont_persist_session}
+            )
+        ) {
             $user->{_login_token} = $self->{_persister}->persist_login($user);
         }
     }
diff --git a/Bugzilla/WebService/Server/REST.pm b/Bugzilla/WebService/Server/REST.pm
index 858375247..d94fb1d81 100644
--- a/Bugzilla/WebService/Server/REST.pm
+++ b/Bugzilla/WebService/Server/REST.pm
@@ -189,6 +189,13 @@ sub handle_login {
     my $full_method = $class . "." . $method;
     $full_method =~ s/^Bugzilla::WebService:://;
 
+    # We never want to create a new session unless the user is calling the
+    # login method.  Setting dont_persist_session makes
+    # Bugzilla::Auth::_handle_login_result() skip calling persist_login().
+    if ($full_method ne 'User.login') {
+        Bugzilla->request_cache->{dont_persist_session} = 1;
+    }
+
     # Bypass JSONRPC::handle_login
     Bugzilla::WebService::Server->handle_login($class, $method, $full_method);
 }
-- 
cgit v1.2.3-24-g4f1b