From 5c76819f088805d6a3b483b00c34850eb766025a Mon Sep 17 00:00:00 2001
From: "mkanat%bugzilla.org" <>
Date: Tue, 20 Jan 2009 20:09:46 +0000
Subject: Bug 134022: PERFORMANCE: deleting old login cookies locks login
 checks Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat

---
 Bugzilla/Auth.pm | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)

(limited to 'Bugzilla/Auth.pm')

diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm
index 74678afa8..8e18f8699 100644
--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -151,23 +151,17 @@ sub _handle_login_result {
         ThrowCodeError($result->{error}, $result->{details});
     }
     elsif ($fail_code == AUTH_NODATA) {
-        if ($login_type == LOGIN_REQUIRED) {
-            # This seems like as good as time as any to get rid of
-            # old crufty junk in the logincookies table.  Get rid
-            # of any entry that hasn't been used in a month.
-            $dbh->do("DELETE FROM logincookies WHERE " .
-                     $dbh->sql_to_days('NOW()') . " - " .
-                     $dbh->sql_to_days('lastused') . " > 30");
-            $self->{_info_getter}->fail_nodata($self);
-        }
-        # Otherwise, we just return the "default" user.
+        $self->{_info_getter}->fail_nodata($self) 
+            if $login_type == LOGIN_REQUIRED;
+
+        # If we're not LOGIN_REQUIRED, we just return the default user.
         $user = Bugzilla->user;
     }
     # The username/password may be wrong
     # Don't let the user know whether the username exists or whether
     # the password was just wrong. (This makes it harder for a cracker
     # to find account names by brute force)
-    elsif (($fail_code == AUTH_LOGINFAILED) || ($fail_code == AUTH_NO_SUCH_USER)) {
+    elsif ($fail_code == AUTH_LOGINFAILED or $fail_code == AUTH_NO_SUCH_USER) {
         ThrowUserError("invalid_username_or_password");
     }
     # The account may be disabled
-- 
cgit v1.2.3-24-g4f1b