X-Git-Url: http://koha-dev.rot13.org:8081/gitweb/?a=blobdiff_plain;f=installer%2FInstallAuth.pm;h=a86681565dd9daf5c740c43f6c1be9a023461c80;hb=d0c6e09429d2af711f911b57601a02f17591d441;hp=ccdcbcb10d19f01555530a0f1512b5a4ec62ee5b;hpb=00290e86197bbd0129a4fc943a957f823235210d;p=koha_fer
diff --git a/installer/InstallAuth.pm b/installer/InstallAuth.pm
index ccdcbcb10d..a86681565d 100644
--- a/installer/InstallAuth.pm
+++ b/installer/InstallAuth.pm
@@ -262,7 +262,11 @@ sub checkauth {
 $session->param('emailaddress'),
 $session->param('branchprinter')
 );
- $cookie = $query->cookie( CGISESSID => $session->id );
+ $cookie = $query->cookie(
+ -name => 'CGISESSID',
+ -value => $session->id,
+ -HttpOnly => 1,
+ );
 $loggedin = 1;
 $userid = $session->param('cardnumber');
 }
@@ -276,10 +280,10 @@ sub checkauth {
 $userid = undef;
 # Commented out due to its lack of usefulness
 # open L, ">>/tmp/sessionlog";
- my $time = localtime( time() );
- printf L "%20s from %16s logged out at %30s (manually).\n", $userid,
- $ip, $time;
- close L;
+ # my $time = localtime( time() );
+ # printf L "%20s from %16s logged out at %30s (manually).\n", $userid,
+ # $ip, $time;
+ # close L;
 }
 }
 unless ($userid) {
@@ -293,12 +297,16 @@ sub checkauth {
 my ( $return, $cardnumber ) = checkpw( $userid, $password );
 if ($return) {
 $loggedin = 1;
- open L, ">>/tmp/sessionlog";
- my $time = localtime( time() );
- printf L "%20s from %16s logged in at %30s.\n", $userid,
- $ENV{'REMOTE_ADDR'}, $time;
- close L;
- $cookie = $query->cookie( CGISESSID => $sessionID );
+ # open L, ">>/tmp/sessionlog";
+ # my $time = localtime( time() );
+ # printf L "%20s from %16s logged in at %30s.\n", $userid,
+ # $ENV{'REMOTE_ADDR'}, $time;
+ # close L;
+ $cookie = $query->cookie(
+ -name => 'CGISESSID',
+ -value => $sessionID,
+ -HttpOnly => 1,
+ );
 if ( $return == 2 ) {
 #Only superlibrarian should have access to this page.
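Review bot: The rebuilt `CGISESSID` cookie in the session-restore branch of the `@@ -262` hunk gains `-HttpOnly` but still carries no `-secure` flag, so on a site served over TLS the browser will also attach the session id to any plain-HTTP request to the same host. CGI.pm's `cookie()` accepts `-secure => 1`; setting it whenever the request arrived over HTTPS would close that gap, and the same applies to the cookie calls in the hunks at `@@ -293`, `@@ -342` and `@@ -382`. Those four calls now differ only in `-value` and `-expires`, so a small private helper that builds the session cookie would keep the flags from drifting apart. `checkauth` begins and ends outside the hunk.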
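Review bot: The session-log statements in the logout branch of the `@@ -276` hunk are commented out rather than deleted, and the hunk at `@@ -293` does the same for the login branch; dead code kept as comments is easy to revive by accident, so removing the lines outright would be cleaner. With both blocks disabled, nothing visible in this diff records installer logins or logouts any more. If an audit trail of authentication events is wanted, it would be better written through the project's logging facility than to a fixed, shared path such as `/tmp/sessionlog`. `checkauth` begins and ends outside these hunks.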
@@ -342,6 +350,7 @@ sub checkauth {
 $cookie = $query->cookie(
 -name => 'CGISESSID',
 -value => '',
+ -HttpOnly => 1,
 -expires => ''
 );
 }
@@ -382,13 +391,11 @@ sub checkauth {
 $cookie = $query->cookie(
 -name => 'CGISESSID',
 -value => $sessionID,
+ -HttpOnly => 1,
 -expires => ''
 );
- print $query->header(
- -type => 'text/html; charset=utf-8',
- -cookie => $cookie
- ),
- $template->output;
+
+ output_html_with_http_headers $query, $cookie, $template->output;
 exit;
 }
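Review bot: `output_html_with_http_headers $query, $cookie, $template->output;` at the end of the `@@ -382` hunk is called without parentheses, which only parses if the sub is already declared or imported when this line is compiled, and no `use` line bringing it in is visible in this diff. Writing it as `output_html_with_http_headers( $query, $cookie, $template->output );` removes that dependence on declaration order. The removed `print` set `text/html; charset=utf-8` explicitly; presumably the helper emits an equivalent Content-Type along with the cookie, but that is worth confirming since the helper is defined outside this file section. `checkauth` continues outside the hunk.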