From 09854bc35b46dc887e49ee307d71fa6ceab9813b Mon Sep 17 00:00:00 2001
From: Mike Rylander <mrylander@gmail.com>
Date: Thu, 27 Jul 2017 12:59:43 -0400
Subject: [PATCH] offline: Prefer user-supplied param to browser-supplied
 cookie in the authen proxy

Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Kathy Lussier <klussier@masslnc.org>
---
 Open-ILS/src/perlmods/lib/OpenILS/WWW/Proxy/Authen.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/Proxy/Authen.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/Proxy/Authen.pm
index 5b1c64b77d..2366cfe07e 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/Proxy/Authen.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/Proxy/Authen.pm
@@ -39,8 +39,8 @@ sub handler {
     return Apache2::Const::NOT_FOUND unless (@$perms);
 
     my $cgi = new CGI;
-    my $auth_ses = $cgi->cookie('ses') || $cgi->param('ses');
-    my $ws_ou = $apache->dir_config('OILSProxyLoginOU') || $cgi->cookie('ws_ou') || $cgi->param('ws_ou');
+    my $auth_ses = $cgi->param('ses') || $cgi->cookie('ses');
+    my $ws_ou = $apache->dir_config('OILSProxyLoginOU') || $cgi->param('ws_ou') || $cgi->cookie('ws_ou');
 
     my $url = $cgi->url;
     my $bad_auth = 1; # Assume failure until proven otherwise ;)
-- 
2.43.2