The SCO user should only be allowed to access to the SCO module.
This patch make the session ends if the user tries to access another
page after the SCO module.
Test plan:
0/ Configure the SCO module correctly
1/ Go on the sco main page (sco/sco-main.pl)
2/ Try to go somewhere else: you should not be logged in
Signed-off-by: Marc VĂ©ron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
);
}
+
+ # If the user logged in is the SCO user and he tries to go out the SCO module, log the user out removing the CGISESSID cookie
+ if ( $in->{type} eq 'opac' and $in->{template_name} !~ m|sco/| ) {
+ if ( C4::Context->preference('AutoSelfCheckID') && $user eq C4::Context->preference('AutoSelfCheckID') ) {
+ $template = C4::Templates::gettemplate( 'opac-auth.tt', 'opac', $in->{query} );
+ my $cookie = $in->{query}->cookie(
+ -name => 'CGISESSID',
+ -value => '',
+ -expires => '',
+ -HttpOnly => 1,
+ );
+
+ $template->param( loginprompt => 1 );
+ print $in->{query}->header(
+ -type => 'text/html',
+ -charset => 'utf-8',
+ -cookie => $cookie,
+ ),
+ $template->output;
+ safe_exit;
+ }
+ }
+
my $borrowernumber;
if ($user) {
require C4::Members;