diff --git a/lib/WeBWorK/Authen/Shibboleth.pm b/lib/WeBWorK/Authen/Shibboleth.pm
index d29cc86707..f865f78f3e 100644
--- a/lib/WeBWorK/Authen/Shibboleth.pm
+++ b/lib/WeBWorK/Authen/Shibboleth.pm
@@ -167,20 +167,24 @@ sub check_session {
 if ($ce->{shiboff}) {
 return $self->SUPER::check_session(@_);
 } else {
- my $Key = $db->getKey($userID); # checked
+ my $Key = $db->getKey($userID);
 return 0 unless defined $Key;
 
- my $keyMatches = (defined $possibleKey and $possibleKey eq $Key->key);
- my $timestampValid = (time <= $Key->timestamp() + $ce->{sessionTimeout});
- if ($ce->{shibboleth}{manage_session_timeout}) {
- # always valid to allow shib to take control of timeout
- $timestampValid = 1;
- }
+ my $currentTime = time;
+
+ my $keyMatches = defined $possibleKey && $possibleKey eq $Key->key;
+ my $timestampValid = $currentTime <= $Key->timestamp() + $ce->{sessionTimeout};
+ # Allow shib to take control of timeout.
+ $timestampValid = 1 if $ce->{shibboleth}{manage_session_timeout};
 
- if ($keyMatches and $timestampValid and $updateTimestamp) {
- $Key->timestamp(time);
- $db->putKey($Key);
+ if ($keyMatches && $timestampValid && $updateTimestamp) {
+ $Key->timestamp($currentTime);
+ $self->{c}->stash->{'webwork2.database_session'} = { $Key->toHash };
+ $self->{c}->stash->{'webwork2.database_session'}{session}{flash} =
+ delete $self->{c}->stash->{'webwork2.database_session'}{session}{new_flash}
+ if $self->{c}->stash->{'webwork2.database_session'}{session}{new_flash};
 }
+
 return (1, $keyMatches, $timestampValid);
 }
 }
diff --git a/lib/WeBWorK/Controller.pm b/lib/WeBWorK/Controller.pm
index 6e2f36cf08..465e326184 100644
--- a/lib/WeBWorK/Controller.pm
+++ b/lib/WeBWorK/Controller.pm
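Review bot: With `manage_session_timeout` set, `$timestampValid` is forced to 1, so this check never ages out a stored key; a key value that leaks stays acceptable here for as long as the Shibboleth layer admits the request, and the one-line comment should say so, e.g. `# Shibboleth owns the session lifetime: the key timestamp is not enforced here.` The update branch also no longer calls `$db->putKey($Key)` and only places the key hash in the `webwork2.database_session` stash, so the refreshed timestamp is persisted only if later code (not visible in this hunk) writes that stash back; worth confirming that path runs for every request reaching this branch. The four repeated `$self->{c}->stash->{'webwork2.database_session'}` lookups would read better through a local, `my $session = $self->{c}->stash->{'webwork2.database_session'} = { $Key->toHash };`. check_session starts before the hunk.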
@@ -63,7 +63,7 @@ sub param ($c, @opts) {
 # Override the Mojolicious::Controller session method to set the cookie parameters
 # from the course environment the first time it is called.
 sub session ($c, @args) {
- return if $c->stash('disable_cookies');
+ return {} if $c->stash('disable_cookies');
 
 # Initialize the cookie session the first time this is called.
 unless ($c->stash->{'webwork2.cookie_session_initialized'}) {
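Review bot: The new early return ignores `@args`, so with cookies disabled the getter form `$c->session('key')` now yields `{}`, which is true, where the overridden Mojolicious method would yield the stored value or undef, and the setter form yields a hashref instead of the controller. If any caller tests a single session key for truth (none is visible in this hunk), that test would now pass with cookies off; a guard that keeps the three call shapes apart avoids it, `return @args == 0 ? {} : @args == 1 && !ref $args[0] ? undef : $c if $c->stash('disable_cookies');`. The header comment should also state that the returned hash is a throwaway and anything written to it is discarded. The body of session continues past the end of the hunk.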