Avoid to renew double cookie sessions for refresh request (#1747)
parent
a03301fabd
commit
59f07b7b8f
|
@ -1,6 +1,6 @@
|
|||
package Lemonldap::NG::Portal::Main::Process;
|
||||
|
||||
our $VERSION = '2.0.3';
|
||||
our $VERSION = '2.0.5';
|
||||
|
||||
package Lemonldap::NG::Portal::Main;
|
||||
|
||||
|
@ -432,7 +432,7 @@ sub store {
|
|||
$req->userData( $req->sessionInfo );
|
||||
|
||||
# Create second session for unsecure cookie
|
||||
if ( $self->conf->{securedCookie} == 2 ) {
|
||||
if ( $self->conf->{securedCookie} == 2 and !$req->refresh() ) {
|
||||
my %infos = %{ $req->{sessionInfo} };
|
||||
$infos{_httpSessionType} = 1;
|
||||
|
||||
|
@ -467,12 +467,14 @@ sub store {
|
|||
$req->id( $session->{id} );
|
||||
|
||||
# Compute unsecured cookie value if needed
|
||||
if ( $self->conf->{securedCookie} == 3 ) {
|
||||
if ( $self->conf->{securedCookie} == 3 and !$req->refresh() ) {
|
||||
$req->{sessionInfo}->{_httpSession} =
|
||||
$self->conf->{cipher}->encryptHex( $req->{id}, "http" );
|
||||
$self->logger->debug( " -> Compute unsecured cookie value : "
|
||||
. $req->{sessionInfo}->{_httpSession} );
|
||||
}
|
||||
$req->refresh(0);
|
||||
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
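Review bot: With `securedCookie == 2`, the added `!$req->refresh()` guard skips the whole second-session block during a refresh, so the unsecured-cookie session is not rewritten with the refreshed `sessionInfo`. The block starts by copying `%{ $req->{sessionInfo} }` into `%infos`, which suggests that session holds its own copy of the user attributes; if so, it keeps the pre-refresh groups and attributes until it expires. If anything authorizes against the HTTP-side session, consider updating the existing second session in place on refresh instead of skipping it, or at least add a comment such as `# On refresh the existing http session is left untouched (attributes are not re-synced)`. The rest of this block and the start of `store` are outside the visible hunks.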
|
|
|
@ -7,7 +7,7 @@ use strict;
|
|||
use Mouse;
|
||||
use Lemonldap::NG::Portal::Main::Constants ':all';
|
||||
|
||||
our $VERSION = '2.0.3';
|
||||
our $VERSION = '2.0.5';
|
||||
|
||||
extends 'Lemonldap::NG::Common::PSGI::Request';
|
||||
|
||||
|
@ -65,6 +65,9 @@ has menuError => ( is => 'rw' );
|
|||
# Frame flag (used by Run to not send Content-Security-Policy header)
|
||||
has frame => ( is => 'rw' );
|
||||
|
||||
# Refresh flag to avoid double cookies sessions to be renewed
|
||||
has refresh => ( is => 'rw' );
|
||||
|
||||
# Security
|
||||
#
|
||||
# Captcha
|
||||
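Review bot: The comment on the new `refresh` attribute does not say who sets or clears it, although `store` now branches on it for `securedCookie` 2 and 3. A fuller comment would help the next reader, for example `# Refresh flag: set to 1 by the session refresh step, reset to 0 at the end of store(); while set, store() skips the securedCookie 2/3 second session/value`. Making the unset state explicit would also be cheap: `has refresh => ( is => 'rw', default => 0 );`.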
|
|
|
@ -163,6 +163,7 @@ sub refresh {
|
|||
'setLocalGroups',
|
||||
sub {
|
||||
$req->sessionInfo->{$_} = $data{$_} foreach ( keys %data );
|
||||
$req->refresh(1);
|
||||
return PE_OK;
|
||||
},
|
||||
'store',
|
||||
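Review bot: `$req->refresh(1)` is set in this step but only cleared by the `$req->refresh(0)` placed just before `PE_OK` at the end of `store`, so any earlier return from `store` (not visible in the hunks) would leave the flag set on `$req`. If the same request object can reach `store` again, the double-cookie handling would then be skipped silently. Consider clearing the flag in the enclosing `refresh` sub once the step list has run, whatever its result, rather than relying on `store` reaching its last statement. The enclosing sub starts and ends outside the hunk.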
|
|