X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=installer%2FInstallAuth.pm;h=0015a14e2d6e581d178fe8b6e60d8b70e0fee67e;hb=08382876306cfda839637c5f72a107b304458a8e;hp=10cbea3f3cbaa058381f629d6129f52f17d98241;hpb=f029e9aba7d6c03b3c8e19697af31071b595dcc9;p=koha.git

diff --git a/installer/InstallAuth.pm b/installer/InstallAuth.pm
index 10cbea3f3c..0015a14e2d 100644
--- a/installer/InstallAuth.pm
+++ b/installer/InstallAuth.pm
@@ -262,7 +262,11 @@ sub checkauth {
                 $session->param('emailaddress'),
                 $session->param('branchprinter')
             );
-            $cookie   = $query->cookie( CGISESSID => $session->id );
+            $cookie = $query->cookie(
+                -name     => 'CGISESSID',
+                -value    => $session->id,
+                -HttpOnly => 1,
+            );
             $loggedin = 1;
             $userid   = $session->param('cardnumber');
         }
@@ -274,11 +278,12 @@ sub checkauth {
             C4::Context->_unset_userenv($sessionID);
             $sessionID = undef;
             $userid    = undef;
-            open L, ">>/tmp/sessionlog";
-            my $time = localtime( time() );
-            printf L "%20s from %16s logged out at %30s (manually).\n", $userid,
-              $ip, $time;
-            close L;
+	   # Commented out due to its lack of usefulness
+           # open L, ">>/tmp/sessionlog";
+           # my $time = localtime( time() );
+           # printf L "%20s from %16s logged out at %30s (manually).\n", $userid,
+           #   $ip, $time;
+           # close L;
         }
     }
     unless ($userid) {
@@ -292,12 +297,16 @@ sub checkauth {
         my ( $return, $cardnumber ) = checkpw( $userid, $password );
         if ($return) {
             $loggedin = 1;
-            open L, ">>/tmp/sessionlog";
-            my $time = localtime( time() );
-            printf L "%20s from %16s logged in  at %30s.\n", $userid,
-              $ENV{'REMOTE_ADDR'}, $time;
-            close L;
-            $cookie = $query->cookie( CGISESSID => $sessionID );
+            # open L, ">>/tmp/sessionlog";
+            # my $time = localtime( time() );
+            # printf L "%20s from %16s logged in  at %30s.\n", $userid,
+            #  $ENV{'REMOTE_ADDR'}, $time;
+            # close L;
+            $cookie = $query->cookie(
+                -name     => 'CGISESSID',
+                -value    => $sessionID,
+                -HttpOnly => 1,
+            );
             if ( $return == 2 ) {
 
            #Only superlibrarian should have access to this page.
@@ -341,6 +350,7 @@ sub checkauth {
             $cookie = $query->cookie(
                 -name    => 'CGISESSID',
                 -value   => '',
+                -HttpOnly => 1,
                 -expires => ''
             );
         }
@@ -381,6 +391,7 @@ sub checkauth {
     $cookie = $query->cookie(
         -name    => 'CGISESSID',
         -value   => $sessionID,
+        -HttpOnly => 1,
         -expires => ''
     );
     print $query->header(