From: Mike Rylander <mrylander@gmail.com>
Date: Thu, 27 Jul 2017 16:59:43 +0000 (-0400)
Subject: offline: Prefer user-supplied param to browser-supplied cookie in the authen proxy
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=208a685028f0ec165dd4a616545c4605992a8e9f;p=working%2FEvergreen.git

offline: Prefer user-supplied param to browser-supplied cookie in the authen proxy

Signed-off-by: Mike Rylander <mrylander@gmail.com>
---

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/Proxy/Authen.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/Proxy/Authen.pm
index 5b1c64b77d..2366cfe07e 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/Proxy/Authen.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/Proxy/Authen.pm
@@ -39,8 +39,8 @@ sub handler {
     return Apache2::Const::NOT_FOUND unless (@$perms);
 
     my $cgi = new CGI;
-    my $auth_ses = $cgi->cookie('ses') || $cgi->param('ses');
-    my $ws_ou = $apache->dir_config('OILSProxyLoginOU') || $cgi->cookie('ws_ou') || $cgi->param('ws_ou');
+    my $auth_ses = $cgi->param('ses') || $cgi->cookie('ses');
+    my $ws_ou = $apache->dir_config('OILSProxyLoginOU') || $cgi->param('ws_ou') || $cgi->cookie('ws_ou');
 
     my $url = $cgi->url;
     my $bad_auth = 1; # Assume failure until proven otherwise ;)