From: Max Kanat-Alexander <mkanat@bugzilla.org>
Date: Mon, 15 Nov 2010 07:37:31 +0000 (-0800)
Subject: Bug 611891: Don't generate cookies for logins done over GET via the WebService
X-Git-Tag: bugzilla-4.0rc2~49
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=06f509c7d24764e0305684659df1b9c07c084894;p=thirdparty%2Fbugzilla.git

Bug 611891: Don't generate cookies for logins done over GET via the WebService
r=glob, a=mkanat
---

diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm
index e3f838b395..7829538784 100644
--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -146,7 +146,12 @@ sub _handle_login_result {
     my $fail_code = $result->{failure};
 
     if (!$fail_code) {
-        if ($self->{_info_getter}->{successful}->requires_persistence) {
+        # We don't persist logins over GET requests in the WebService,
+        # because the persistance information can't be re-used again.
+        # (See Bugzilla::WebService::Server::JSONRPC for more info.)
+        if ($self->{_info_getter}->{successful}->requires_persistence
+            and !Bugzilla->request_cache->{auth_no_automatic_login}) 
+        {
             $self->{_persister}->persist_login($user);
         }
     }