From c83c4f78bb91c27e2ffd0e5fb8091fe6795885b8 Mon Sep 17 00:00:00 2001
From: David Lawrence <dkl@mozilla.com>
Date: Mon, 4 Apr 2016 16:37:25 +0000
Subject: Bug 1197061 - don't create a new session for every authenticated
 XMLRPC/JSONRPC call

---
 Bugzilla/WebService/Server.pm | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'Bugzilla')

diff --git a/Bugzilla/WebService/Server.pm b/Bugzilla/WebService/Server.pm
index d1e17a950..a84ba2961 100644
--- a/Bugzilla/WebService/Server.pm
+++ b/Bugzilla/WebService/Server.pm
@@ -35,6 +35,13 @@ sub handle_login {
         Bugzilla->metrics->name("$class $method");
     }
 
+    # We never want to create a new session unless the user is calling the
+    # login method.  Setting dont_persist_session makes
+    # Bugzilla::Auth::_handle_login_result() skip calling persist_login().
+    if ($full_method ne 'User.login') {
+        Bugzilla->request_cache->{dont_persist_session} = 1;
+    }
+
     eval "require $class";
     ThrowCodeError('unknown_method', {method => $full_method}) if $@;
     return if ($class->login_exempt($method) 
-- 
cgit v1.2.3-24-g4f1b