Bug 611891: Don't generate cookies for logins done over GET via the WebService

r=glob, a=mkanat

diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm
index e3f838b3952869d62cfff2fb825c10c164b5cc86..7829538784bb55c43f79d9740f83ba010f8b8835 100644 (file)
--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -146,7 +146,12 @@ sub _handle_login_result {
     my $fail_code = $result->{failure};
 
     if (!$fail_code) {
-        if ($self->{_info_getter}->{successful}->requires_persistence) {
+        # We don't persist logins over GET requests in the WebService,
+        # because the persistance information can't be re-used again.
+        # (See Bugzilla::WebService::Server::JSONRPC for more info.)
+        if ($self->{_info_getter}->{successful}->requires_persistence
+            and !Bugzilla->request_cache->{auth_no_automatic_login}) 
+        {
             $self->{_persister}->persist_login($user);
         }
     }