summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorolavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53>2013-03-06 12:54:06 +0000
committerolavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53>2013-03-06 12:54:06 +0000
commite87049bac944f4909502a4db359ce90f50e91784 (patch)
treea153ac8562954dd247e33394a55e7905ce898a3a
parent2b12f238fa67acd4d31a9ad399c414ff498c4072 (diff)
downloadmod_auth_mellon-e87049bac944f4909502a4db359ce90f50e91784.tar.gz
mod_auth_mellon-e87049bac944f4909502a4db359ce90f50e91784.tar.xz
mod_auth_mellon-e87049bac944f4909502a4db359ce90f50e91784.zip
Do not mark a session as logged in before all processing is completed.
If we mark the session as logged in before all processing is completed, a failure during login processing (e.g. too big attribute values) can cause a user to receive a "half-authenticated" session. This patch changes the code so that the last task before releaseing the session is to mark it as logged in. git-svn-id: https://modmellon.googlecode.com/svn/trunk@184 a716ebb1-153a-0410-b759-cfb97c6a1b53
Diffstat
-rw-r--r--auth_mellon_handler.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index 5b3417a..3007a01 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -1591,9 +1591,6 @@ static int add_attributes(am_cache_entry_t *session, request_rec *r,
+ apr_time_make(dir_cfg->session_length, 0));
}
- /* Mark user as logged in. */
- session->logged_in = 1;
-
/* Save session information. */
ret = am_cache_env_append(session, "NAME_ID", name_id);
if(ret != OK) {
@@ -1911,6 +1908,9 @@ static int am_handle_reply_common(request_rec *r, LassoLogin *login,
return rc;
}
+ /* Mark user as logged in. */
+ session->logged_in = 1;
+
am_release_request_session(r, session);
lasso_login_destroy(login);
generated by cgit (git 2.34.1) at 2024-04-19 12:57:58 +0000