https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38327
--- Comment #8 from David Cook <[email protected]> ---
(In reply to Jan Kissig from comment #7)
> I have to correct my last comment: I had an AJAX call included via
> intranetuserjs on mainpage which fetched an internal report on
> $(document).ready().
>
> When I disabled the fetch of the report the recreation of the behavior was
> not possible. So it seems connected to the AJAX-call after the DOM was built.

This has already been discussed somewhere...

When Koha rendered mainpage.pl, it would've sent you a CGISESSID cookie with an anonymous session ID and it rendered the page with a CSRF token linked to that session ID.

When your AJAX call made a call, it probably didn't send that CGISESSID cookie.

When your AJAX call gets a response, it probably includes a new CGISESSID cookie with a new anonymous session ID, which overwrites the original CGISESSID cookie.

When you submit your login, you're using the new CGISESSID cookie and the CSRF token linked to the old CGISESSID cookie. So it'll never work.

--

If you update your AJAX call to send with the CGISESSID cookie, you should be fine.
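The sequence described in the comment above, modelled as a small simulation. This is an added example, not part of the original message and not Koha's code; the in-memory server, the `anon-N` session IDs, the `csrf-for-…` tokens and the function names `makeServer` and `loginFlow` are all constructed for illustration.

```javascript
// Simulated server (constructed model): every anonymous session has its own
// CSRF token, and a request that arrives without a known cookie gets a new session.
function makeServer() {
  const sessions = new Map(); // session id -> CSRF token bound to it
  let counter = 0;
  function newSession() {
    counter += 1;
    const id = `anon-${counter}`;
    sessions.set(id, `csrf-for-${id}`);
    return id;
  }
  return {
    // GET: reuse the session named by the cookie, otherwise start one and Set-Cookie.
    get(cookie) {
      const known = Boolean(cookie) && sessions.has(cookie);
      const id = known ? cookie : newSession();
      return { setCookie: known ? null : id, csrfToken: sessions.get(id) };
    },
    // POST login: the token is accepted only for the session the cookie names.
    login(cookie, csrfToken) {
      return sessions.has(cookie) && sessions.get(cookie) === csrfToken;
    },
  };
}

// Simulated browser: one cookie jar, where any Set-Cookie overwrites CGISESSID.
function loginFlow(ajaxSendsCookie) {
  const server = makeServer();
  const jar = { CGISESSID: null };
  const store = (res) => { if (res.setCookie) jar.CGISESSID = res.setCookie; };

  // 1. The login page is rendered: cookie set, token embedded in the form.
  const page = server.get(jar.CGISESSID);
  store(page);
  const formToken = page.csrfToken;
  const cookieAtRender = jar.CGISESSID;

  // 2. The AJAX call fires after the DOM is built, with or without the cookie.
  store(server.get(ajaxSendsCookie ? jar.CGISESSID : null));

  // 3. The login form is submitted with whatever cookie the jar holds now.
  return {
    cookieAtRender,
    cookieAtSubmit: jar.CGISESSID,
    loginAccepted: server.login(jar.CGISESSID, formToken),
  };
}
```

`loginFlow(false)` ends with a different cookie at submit than at render and a rejected login; `loginFlow(true)` keeps the same session and the login is accepted. In browser code, whether a `fetch()` request carries cookies is controlled by its `credentials` option.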
