my $U = 'OpenILS::Application::AppUtils';
use constant COOKIE_SES => 'ses';
+use constant COOKIE_SHARED_SES => 'shared_ses';
use constant COOKIE_LOGGEDIN => 'eg_loggedin';
use constant COOKIE_PHYSICAL_LOC => 'eg_physical_loc';
use constant COOKIE_SSS_EXPAND => 'eg_sss_expand';
$ctx->{home_page} = $ctx->{proto} . '://' . $ctx->{hostname} . $self->ctx->{opac_root} . "/home";
$ctx->{logout_page} = ($ctx->{proto} eq 'http' ? 'https' : $ctx->{proto} ) . '://' . $ctx->{hostname} . $self->ctx->{opac_root} . "/logout";
- if($e->authtoken($self->cgi->cookie(COOKIE_SES))) {
+ if($e->authtoken($self->cgi->cookie(COOKIE_SES)) || $e->authtoken($self->cgi->cookie(COOKIE_SHARED_SES))) {
if($e->checkauth) {
# both login-related cookies should expire at the same time
my $login_cookie_expires = ($persist) ? CORE::time + $response->{payload}->{authtime} : undef;
+ my $cookies = [
+ # contains the actual auth token and should be sent only over https
+ $cgi->cookie(
+ -name => COOKIE_SES,
+ -path => '/',
+ -secure => 1,
+ -value => $response->{payload}->{authtoken},
+ -expires => $login_cookie_expires
+ ),
+ # contains only a hint that we are logged in, and is used to
+ # trigger a redirect to https
+ $cgi->cookie(
+ -name => COOKIE_LOGGEDIN,
+ -path => '/',
+ -secure => 0,
+ -value => '1',
+ -expires => $login_cookie_expires
+ )
+ ];
+
+ if (defined($ENV{shared_ses_domain} && $self->apache->hostname =~ /$ENV{shares_ses_domain}/)) {
+ push @$cookies,
+ # an optional domain-shared copy of the auth token, useful for
+ # some SSO-like environments
+ $cgi->cookie(
+ -name => COOKIE_SHARED_SES,
+ -path => '/',
+ -domain => $ENV{shared_ses_domain},
+ -secure => 1,
+ -value => $response->{payload}->{authtoken},
+ -expires => $login_cookie_expires
+ );
+ }
+
return $self->generic_redirect(
- $cgi->param('redirect_to') || $acct,
- [
- # contains the actual auth token and should be sent only over https
- $cgi->cookie(
- -name => COOKIE_SES,
- -path => '/',
- -secure => 1,
- -value => $response->{payload}->{authtoken},
- -expires => $login_cookie_expires
- ),
- # contains only a hint that we are logged in, and is used to
- # trigger a redirect to https
- $cgi->cookie(
- -name => COOKIE_LOGGEDIN,
- -path => '/',
- -secure => 0,
- -value => '1',
- -expires => $login_cookie_expires
- )
- ]
+ $cgi->param('redirect_to') || $acct, $cookies
);
}
return $self->generic_redirect(
$redirect_to || $self->ctx->{home_page},
[
- # clear value of and expire both of these login-related cookies
+ # clear value of and expire all of these login-related cookies
$self->cgi->cookie(
-name => COOKIE_SES,
-path => '/',
-value => '',
-expires => '-1h'
),
+ # always try to delete this, even though it may not be enabled
+ $self->cgi->cookie(
+ -name => COOKIE_SHARED_SES,
+ -path => '/',
+ -value => '',
+ -expires => '-1h'
+ ),
$self->cgi->cookie(
-name => COOKIE_LOGGEDIN,
-path => '/',
projects / working / Evergreen.git / commitdiff