force logout when invalid credentials given

GMOD · Jul 8, 2009 · 2774ae7 · 2774ae7
1 parent 5f96373
commit 2774ae7
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 5 deletions.
diff --git a/lib/Bio/Graphics/Browser.pm b/lib/Bio/Graphics/Browser.pm
@@ -1,5 +1,5 @@
 package Bio::Graphics::Browser;
-# $Id: Browser.pm,v 1.239.2.2 2009-07-08 05:56:23 lstein Exp $
+# $Id: Browser.pm,v 1.239.2.3 2009-07-08 06:20:47 lstein Exp $
 # Globals and utilities for GBrowse and friends
 
 use strict;
@@ -344,7 +344,7 @@ sub authorized_session {
       return $session;
   } else {
       warn "UNAUTHORIZED ATTEMPT";
-      return $self->session(undef);
+      return $self->session('xyzzy');
   }
 }
 

diff --git a/lib/Bio/Graphics/Browser/Render/HTML.pm b/lib/Bio/Graphics/Browser/Render/HTML.pm
@@ -57,12 +57,11 @@ sub render_login_button {
 	    . a({-href=>'?id=logout'},'Log Out');
     }
 
-
 # what happens here is:
 # 1. Generate an asynchronous javascript request to "?authorize_login=1;username=name"
 # 2. If login successful, the asynchronous request generates an authorizaton key and
-#    writes it into the session.
-# 3. The javascript should set a cookie named "id_authorization=key" and then force a reload
+#    writes it into the session (see Render.pm)
+# 3. On success, we POST to refresh the whole page and set the session ID
 
     my $jscript = <<'END';
      function postwith (to,p) {