From a7a37db9a4c21ff345a91492631b43d5feff8e39 Mon Sep 17 00:00:00 2001
From: Max Kanat-Alexander <mkanat@bugzilla.org>
Date: Sun, 14 Nov 2010 23:36:39 -0800
Subject: Bug 611891: Don't generate cookies for logins done over GET via the
 WebService r=glob, a=mkanat

---
 Bugzilla/Auth.pm | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'Bugzilla/Auth.pm')

diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm
index e3f838b39..782953878 100644
--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -146,7 +146,12 @@ sub _handle_login_result {
     my $fail_code = $result->{failure};
 
     if (!$fail_code) {
-        if ($self->{_info_getter}->{successful}->requires_persistence) {
+        # We don't persist logins over GET requests in the WebService,
+        # because the persistance information can't be re-used again.
+        # (See Bugzilla::WebService::Server::JSONRPC for more info.)
+        if ($self->{_info_getter}->{successful}->requires_persistence
+            and !Bugzilla->request_cache->{auth_no_automatic_login}) 
+        {
             $self->{_persister}->persist_login($user);
         }
     }
-- 
cgit v1.2.3-24-g4f1b