Logging out after a failed login

commit 847f26a2e3a52cd410bed9d9bbce45e0e436853a 1 parent d36cf5a
Zbigniew Lukasiak authored
Showing with 4 additions and 1 deletion.
  1. +2 −1  Changes
  2. +1 −0  lib/Plack/Middleware/Auth/Form.pm
  3. +1 −0  t/unit.t
3  Changes
@@ -28,5 +28,6 @@ Revision history for Plack::Middleware::Auth::Form.
session fixation attack protection (by hayajo)
session usage explanations (suggested by Kaare Rasmussen)
user dependent redirection page (suggested by Kaare Rasmussen)
- fixing the 'logged user' check (using a patch from https://rt.cpan.org/Ticket/Display.html?id=75899)
+ fixing the 'logged user' check (suggested in https://rt.cpan.org/Ticket/Display.html?id=75899)
+ logging out after a failed login (suggested in https://rt.cpan.org/Ticket/Display.html?id=75899)
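Review bot: the attribution rewording on the 'logged user' entry (from "using a patch from" to "suggested in") is unrelated to this commit's subject and would sit better in its own commit, leaving this one to add only the new line. The new "logging out after a failed login" entry could also state what applications will observe, namely that user_id is removed from the session when a login attempt fails.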
1  lib/Plack/Middleware/Auth/Form.pm
@@ -68,6 +68,7 @@ sub _login {
else{
$login_error = 'Wrong username or password' if !$auth_result;
$user_id = $params->get( 'username' );
+ delete $env->{'psgix.session'}{user_id};
}
if( !$login_error ){
$env->{'psgix.session.options'}->{change_id}++;
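Review bot: the added delete in the else branch of _login runs on every pass through that branch, whether or not $auth_result is true, and if the branch preceding this else can also produce a login error, the session is not cleared there. Keying the logout on the error itself, for example `delete $env->{'psgix.session'}{user_id} if $login_error;` placed after both branches, would make the intent explicit and cover every failure path. Also, change_id is only incremented under `if( !$login_error )`, so the session id is not rotated when an authenticated session is cleared this way; it is worth deciding whether that is intended.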
1  t/unit.t
@@ -56,6 +56,7 @@ is( $post_req->{'psgix.session'}{user_id}, '1', 'User id saved in the session' )
$middleware = Plack::Middleware::Auth::Form->new( authenticator => sub { 0 } );
$res = $middleware->call( $post_req );
like( join( '', @{ $res->[2] } ), qr/error.*form id="login_form"/, 'login form for login error' );
+ok( !exists( $post_req->{'psgix.session'}{user_id} ), 'User logged out after failed login' );
$post_req->{'psgix.session'}{user_id} = '1';
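Review bot: the new ok() only proves something if user_id was present in $post_req before the failing call, and that precondition is inherited from the earlier 'User id saved in the session' assertion rather than set up here. Setting `$post_req->{'psgix.session'}{user_id} = '1';` (or asserting that it exists) immediately before `$middleware->call( $post_req )` would keep the test meaningful if the preceding lines are reordered. The test also covers only the `authenticator => sub { 0 }` case.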