if ($this->_base) {
$result = $this->_base->transparent();
} elseif ($this->hasCapability('transparent')) {
- if ($result = $registry->callAppMethod($this->_app, $this->_apiMethods['transparent'], array('args' => array($this), 'noperms' => true)) &&
- $is_auth) {
- /* Only clean session if we were successfully authenticated
- * into Horde via transparent auth. Have to wait until after
- * we check transparent auth or else we would blow away guest
- * sessions. See Bug #9311. */
- $registry->getCleanSession();
- }
+ $result = $registry->callAppMethod($this->_app, $this->_apiMethods['transparent'], array('args' => array($this), 'noperms' => true));
} else {
/* If this application contains neither transparent nor
* authenticate capabilities, it does not require any
return true;
}
+ /* Destroy any existing session on login and make sure to use a
+ * new session ID, to avoid session fixation issues. */
+ if (!$GLOBALS['registry']->getAuth()) {
+ $GLOBALS['registry']->getCleanSession();
+ }
+
$userId = $this->getCredential('userId');
$credentials = $this->getCredential('credentials');
$_GET['new_lang'] = $language;
} elseif (Horde_Util::getPost('login_post') ||
Horde_Util::getPost('login_button')) {
- if (!$is_auth) {
- /* Destroy any existing session on login and make sure to use a
- * new session ID, to avoid session fixation issues. */
- $registry->getCleanSession();
- }
-
/* Get the login params from the login screen. */
$auth_params = array(
'password' => Horde_Util::getPost('horde_pass')
projects / horde.git / commitdiff