
Logging out after a failed login

1 parent d36cf5a commit 847f26a2e3a52cd410bed9d9bbce45e0e436853a Zbigniew Lukasiak committed Mar 22, 2012
Showing with 4 additions and 1 deletion.
  1. +2 −1 Changes
  2. +1 −0 lib/Plack/Middleware/Auth/Form.pm
  3. +1 −0 t/unit.t
@@ -28,5 +28,6 @@ Revision history for Plack::Middleware::Auth::Form.
session fixation attack protection (by hayajo)
session usage explanations (suggested by Kaare Rasmussen)
user dependent redirection page (suggested by Kaare Rasmussen)
- fixing the 'logged user' check (using a patch from https://rt.cpan.org/Ticket/Display.html?id=75899)
+ fixing the 'logged user' check (suggested in https://rt.cpan.org/Ticket/Display.html?id=75899)
+ logging out after a failed login (suggested in https://rt.cpan.org/Ticket/Display.html?id=75899)
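Review bot: the reworded credit on the existing 'logged user' entry (from "using a patch from" to "suggested in") is a separate change from the one the commit message names. Mention it in the commit message or split it into its own commit, so the history shows why the attribution for ticket 75899 changed. The new entry could also state that the stale `user_id` is removed from the session, since that is the behaviour users of the middleware will see.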
@@ -68,6 +68,7 @@ sub _login {
else{
$login_error = 'Wrong username or password' if !$auth_result;
$user_id = $params->get( 'username' );
+ delete $env->{'psgix.session'}{user_id};
}
if( !$login_error ){
$env->{'psgix.session.options'}->{change_id}++;
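Review bot: the added `delete $env->{'psgix.session'}{user_id};` in the `else` branch runs whether or not `$auth_result` is true, and the branch before this `else` gets no delete at all. A successful login then relies on the `if( !$login_error )` block to store the id again, and if the other branch can also set `$login_error`, a failure reported there leaves the previous `user_id` in the session. Consider doing the delete once, after both branches, guarded by `$login_error`, so every failed attempt clears the entry and successful ones are untouched.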
@@ -56,6 +56,7 @@ is( $post_req->{'psgix.session'}{user_id}, '1', 'User id saved in the session' )
$middleware = Plack::Middleware::Auth::Form->new( authenticator => sub { 0 } );
$res = $middleware->call( $post_req );
like( join( '', @{ $res->[2] } ), qr/error.*form id="login_form"/, 'login form for login error' );
+ok( !exists( $post_req->{'psgix.session'}{user_id} ), 'User logged out after failed login' );
$post_req->{'psgix.session'}{user_id} = '1';
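Review bot: the new `ok( !exists( ... ) )` assertion only proves something if `user_id` was in the session before the call, and here that depends on the earlier 'User id saved in the session' test having left it in the shared `$post_req`. Set `$post_req->{'psgix.session'}{user_id} = '1';` explicitly before `$middleware->call( $post_req )` so the check cannot pass vacuously if the earlier tests are reordered or changed. The failure path is also exercised only with `authenticator => sub { 0 }`; a case for any other way the authenticator can report an error would be worth adding.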
