From 0311719de2bf521750b48df7cc8c03d917648881 Mon Sep 17 00:00:00 2001
From: Thomas Berezansky <tsbere@mvlc.org>
Date: Tue, 22 Dec 2015 13:11:47 -0500
Subject: [PATCH] Selfcheck Cookie Path

Change base.xul/base.js to support a "cookie path" option to limit what paths
will use the login cookie, then tell the selfcheck interface to use it.

Signed-off-by: Thomas Berezansky <tsbere@mvlc.org>
Signed-off-by: Chris Sharp <csharp@georgialibraries.org>
---
 Open-ILS/src/templates/base.tt2                | 2 +-
 Open-ILS/src/templates/circ/selfcheck/main.tt2 | 2 +-
 Open-ILS/web/js/ui/base.js                     | 6 +++---
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/Open-ILS/src/templates/base.tt2 b/Open-ILS/src/templates/base.tt2
index a6f4b8c8bb..a688351233 100644
--- a/Open-ILS/src/templates/base.tt2
+++ b/Open-ILS/src/templates/base.tt2
@@ -10,7 +10,7 @@
         <script type="text/javascript" src="/js/dojo/dojo/dojo.js"></script>
         <script type="text/javascript" src="[% ctx.media_prefix %]/js/dojo/dojo/openils_dojo.js"></script>
         <script type="text/javascript" src="[% ctx.media_prefix %]/js/dojo/opensrf/md5.js"></script>
-        <script type="text/javascript">var oilsBasePath = [% IF ctx.base_path.substr(0,1) == '/' %]location.href.replace(RegExp(location.pathname + '.*'),'') +[% END %] '[% ctx.base_path %]'</script>
+        <script type="text/javascript">var oilsBasePath = [% IF ctx.base_path.substr(0,1) == '/' %]location.href.replace(RegExp(location.pathname + '.*'),'') +[% END %] '[% ctx.base_path %]'; var oilsCookiePath = '[% ctx.oilsCookiePath or '/' %]';</script>
         <script type="text/javascript" src="[% ctx.media_prefix %]/js/ui/base.js"></script>
         <script type="text/javascript">
             dojo.require("dijit.layout.LayoutContainer");
diff --git a/Open-ILS/src/templates/circ/selfcheck/main.tt2 b/Open-ILS/src/templates/circ/selfcheck/main.tt2
index 0588c60ba3..0222e5f48c 100644
--- a/Open-ILS/src/templates/circ/selfcheck/main.tt2
+++ b/Open-ILS/src/templates/circ/selfcheck/main.tt2
@@ -1,4 +1,4 @@
-[% ctx.page_title = l('Self Checkout') %]
+[% ctx.page_title = l('Self Checkout'); ctx.oilsCookiePath = '/eg/circ/selfcheck/' %]
 [% WRAPPER base.tt2 %]
 <script type="text/javascript" src='[% ctx.media_prefix %]/js/ui/default/circ/selfcheck/selfcheck.js'> </script>
 <script type="text/javascript" src="[% ctx.media_prefix %]/js/ui/default/circ/selfcheck/payment.js"></script>
diff --git a/Open-ILS/web/js/ui/base.js b/Open-ILS/web/js/ui/base.js
index c6ed445bfa..aefd735143 100644
--- a/Open-ILS/web/js/ui/base.js
+++ b/Open-ILS/web/js/ui/base.js
@@ -47,7 +47,7 @@ function oilsSetupUser() {
 
         if(!authtoken) {
 
-            dojo.cookie('ses', null, {expires:-1, path:'/'}); // remove the cookie
+            dojo.cookie('ses', null, {expires:-1, path:oilsCookiePath}); // remove the cookie
 
             dojo.addOnLoad(function(){
                 if(openils.XUL.isXUL()) {
@@ -67,7 +67,7 @@ function oilsSetupUser() {
         }
     }
 
-    dojo.cookie('ses', authtoken, {path:'/', 'secure' : true});
+    dojo.cookie('ses', authtoken, {path:oilsCookiePath, 'secure' : true});
     openils.User.authtoken = authtoken;
     openils.User.workstation = workstation;
     return authtoken;
@@ -115,7 +115,7 @@ function oilsDoLogin() {
         args.workstation = workstation;
 
     if(user.login(args)) {
-        dojo.cookie('ses', user.authtoken, {path : '/'});
+        dojo.cookie('ses', user.authtoken, {path : oilsCookiePath});
         location.href = location.href;
     } else {
         openils.Util.show('oils-login-failed');
-- 
2.11.0