https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37041
--- Comment #33 from Jonathan Druart <[email protected]> --- I have a similar bug, but on.... all pages. It's not directly related to this bug report, but noting it here.
diff --git a/Koha/Token.pm b/Koha/Token.pm
index 4a806b0e371..150c74e69e5 100644
--- a/Koha/Token.pm
+++ b/Koha/Token.pm
@@ -130,7 +130,11 @@ sub generate_csrf {
 my ( $self, $params ) = @_;
 return if !$params->{session_id};
 $params = _add_default_csrf_params( $params );
- return $self->generate({ %$params, type => 'CSRF' });
+ warn "GEN";
+ use Data::Printer colored => 1; warn p $params;
+ my $token = $self->generate({ %$params, type => 'CSRF' });
+ warn $token;
+ return $token;
 }

 =head2 generate_jwt
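Review bot: The `warn p $params;` in generate_csrf runs after `_add_default_csrf_params`, so it writes the CSRF `secret` to the server error log, and `warn $token;` adds every freshly issued token; the GEN output pasted further down shows both. For tracing a session-id mismatch only the identifiers are needed, so I would log just those, e.g. `warn "GEN session_id=$params->{session_id} id=$params->{id}";`, and drop `warn $token;` or log only its trailing timestamp field. If the instance this output came from is not a throwaway development box, the secret should be treated as disclosed and regenerated. The `use Data::Printer` inside the sub body is also resolved at compile time for the whole file, so it becomes a hard dependency of Koha::Token if this instrumentation is ever left in.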
@@ -181,6 +185,8 @@ sub check {
 sub check_csrf {
 my ( $self, $params ) = @_;
 return if !$params->{session_id};
+ warn "CHECK";
+ use Data::Printer colored => 1; warn p $params;
 $params = _add_default_csrf_params( $params );
 my $c = $self->check({ %$params, type => 'CSRF' });

Hit the mainpage session table and cookie have 9abb01d0bceff507f39bdb0f1de11cb0 GEN { id "anonymous_9abb01d0bceff507f39bdb0f1de11cb0", secret "X03MO1qnZdYdgyfeuILPmQ", session_id "9abb01d0bceff507f39bdb0f1de11cb0" (dualvar: 9) } 41e446085fd0cb1caa56510a83ba699cd94abe81,2ee4a96fd95b06120f683e38f32c749eb5584b2c,1735765447 fill login form in, submit CHECK { session_id "25d62876954877dc50dad7548e3707bb" (dualvar: 25), token "41e446085fd0cb1caa56510a83ba699cd94abe81,2ee4a96fd95b06120f683e38f32c749eb5584b2c,1735765447" (dualvar: Inf) } wrong_csrf_token GEN # New token is generated with another session id as we display again the login form { id "anonymous_8e19eed358a168c842d0f1642cc21e52", secret "X03MO1qnZdYdgyfeuILPmQ", session_id "8e19eed358a168c842d0f1642cc21e52" (dualvar: 8e+19) } 3cce1ca26137eb16f04489553adeccd0519a38aa,a1e17bfd4720d2e38a37c04cfb5a9a92c8fd4a3f,1735765498 Session table has 8e19eed358a168c842d0f1642cc21e52 9abb01d0bceff507f39bdb0f1de11cb0 Where is coming from the session's ID from the CHECK??25d62876954877dc50dad7548e3707bb Cleared all the data from browser's storage, same problem. Open a private window fixes the problem. I don't have time right now to investigate it more. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
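Review bot: In check_csrf the dump is placed before `$params = _add_default_csrf_params( $params );`, whereas in generate_csrf it comes after that call, so the CHECK output lacks the derived `id` that the GEN output shows and the two cannot be compared field for field. Moving the trace below the defaults call and limiting it to identifiers, e.g. `warn "CHECK session_id=$params->{session_id} id=$params->{id}";`, would show which session the check is bound to without writing the submitted token or the secret to the error log. It would also help to log where the caller got `session_id` from (cookie versus a newly created session), since the pasted output shows a CHECK session id that matches neither row in the session table. The body of check_csrf continues past the end of this hunk, so how the result `$c` is handled is not visible here.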
