From 06f509c7d24764e0305684659df1b9c07c084894 Mon Sep 17 00:00:00 2001
From: Max Kanat-Alexander <mkanat@bugzilla.org>
Date: Sun, 14 Nov 2010 23:37:31 -0800
Subject: [PATCH] Bug 611891: Don't generate cookies for logins done over GET
 via the WebService r=glob, a=mkanat

---
 Bugzilla/Auth.pm | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm
index e3f838b395..7829538784 100644
--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -146,7 +146,12 @@ sub _handle_login_result {
     my $fail_code = $result->{failure};
 
     if (!$fail_code) {
-        if ($self->{_info_getter}->{successful}->requires_persistence) {
+        # We don't persist logins over GET requests in the WebService,
+        # because the persistance information can't be re-used again.
+        # (See Bugzilla::WebService::Server::JSONRPC for more info.)
+        if ($self->{_info_getter}->{successful}->requires_persistence
+            and !Bugzilla->request_cache->{auth_no_automatic_login}) 
+        {
             $self->{_persister}->persist_login($user);
         }
     }
-- 
2.47.2