From c3a81e2b700da69cd551752b70369cd3b5083a20 Mon Sep 17 00:00:00 2001
From: Bill Erickson
Date: Mon, 14 Feb 2011 13:31:50 -0500
Subject: [PATCH] when authenticated, force the page to redirect the home page after the auth time has expired to protect patron data and prevent potentially confusing post-search-submit redirects

---
 Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm | 7 ++-----
 Open-ILS/web/templates/default/opac/parts/base.tt2 | 3 +++
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
index 89d616b0bd..a7fc0a7715 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
@@ -139,13 +139,12 @@ sub load_common {
 $ctx->{path_info} = $self->cgi->path_info;
 $ctx->{opac_root} = $ctx->{base_path} . "/opac"; # absolute base url
 $ctx->{is_staff} = ($self->apache->headers_in->get('User-Agent') =~ 'oils_xulrunner');
+ $ctx->{home_page} = 'http://' . $self->apache->hostname . $self->ctx->{opac_root} . "/home";
 if($e->authtoken($self->cgi->cookie('ses'))) {
 if($e->checkauth) {
- $self->apache->log->warn("authtime = " . $e->authtime);
-
 $ctx->{authtoken} = $e->authtoken;
 $ctx->{authtime} = $e->authtime;
 $ctx->{user} = $e->requestor;
@@ -234,11 +233,9 @@ sub load_login {
 sub load_logout {
 my $self = shift;
- my $url = 'http://' . $self->apache->hostname . $self->ctx->{opac_root} . "/home";
-
 $self->apache->print(
 $self->cgi->redirect(
- -url => $url,
+ -url => $self->ctx->{home_page},
 -cookie => $self->cgi->cookie(
 -name => 'ses',
 -path => '/',
diff --git a/Open-ILS/web/templates/default/opac/parts/base.tt2 b/Open-ILS/web/templates/default/opac/parts/base.tt2
index 27652a5e13..c83cb88e39 100644
--- a/Open-ILS/web/templates/default/opac/parts/base.tt2
+++ b/Open-ILS/web/templates/default/opac/parts/base.tt2
@@ -2,6 +2,9 @@
+ [% IF ctx.authtime %]
+
+ [% END %]
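Review bot: The new `$ctx->{home_page}` line hard-codes the `http://` scheme, so the logout redirect it now feeds (and, per the commit message, the timed post-expiry redirect in the template) sends the browser to a plaintext URL even when the OPAC is served over HTTPS, which works against the stated goal of protecting patron data. It also builds the host from `$self->apache->hostname`, which under mod_perl I believe follows the client-supplied Host header unless `UseCanonicalName On` is configured, so the redirect target is partly client-controlled. Deriving the base from the request's own scheme and host avoids the downgrade, e.g. `$ctx->{home_page} = $self->cgi->url(-base => 1) . $ctx->{opac_root} . "/home";` (CGI.pm's `url(-base => 1)` should honour HTTPS, but confirm against the version in use). As a point of style, the line reads `$self->ctx->{opac_root}` while the neighbouring lines use `$ctx`; presumably the same hash, so `$ctx->{opac_root}` would be consistent. load_common's body continues outside the hunk in both directions.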
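Review bot: `-url => $self->ctx->{home_page}` now relies on load_common having populated `home_page` for this request, where the old code built the URL locally; if load_logout can be dispatched on a path where load_common has not run (or the ctx was reset), the Location header is built from an undefined value and the redirect is empty. I'd either record the precondition above the call, `# home_page is set by load_common, which must run before this handler`, or fall back to building the URL when it is missing. The cookie arguments and the rest of load_logout continue past the hunk, so whether the `ses` cookie is actually expired with `-expires` cannot be checked here.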