inject session before redirect for login

author Evan Prodromou <evan@status.net>

Mon, 11 Jan 2010 08:40:22 +0000 (08:40 +0000)

committer root <root@ip-10-250-162-129.ec2.internal>

Mon, 11 Jan 2010 08:40:22 +0000 (08:40 +0000)
author Evan Prodromou <evan@status.net>
Mon, 11 Jan 2010 08:40:22 +0000 (08:40 +0000)
committer root <root@ip-10-250-162-129.ec2.internal>
Mon, 11 Jan 2010 08:40:22 +0000 (08:40 +0000)
diff --git a/actions/login.php b/actions/login.php

index 9c47d88b140f54074e328af2fdce7e1579c1cc74..8ea3c800b70f72d1915dd497e0d4fe76d14bf728 100644 (file)
--- a/actions/login.php
+++ b/actions/login.php
@@ -103,6 +103,15 @@ class LoginAction extends Action
          // CSRF protection - token set in NoticeForm
          $token = $this->trimmed('token');
          if (!$token || $token != common_session_token()) {
+           $st = common_session_token();
+           if (empty($token)) {
+               common_log(LOG_WARNING, 'No token provided by client.');
+           } else if (empty($st)) {
+               common_log(LOG_WARNING, 'No session token stored.');
+           } else {
+               common_log(LOG_WARNING, 'Token = ' . $token . ' and session token = ' . $st);
+           }
+
              $this->clientError(_('There was a problem with your session token. '.
                                   'Try again, please.'));
              return;
@@ -135,6 +144,7 @@ class LoginAction extends Action
          if ($url) {
              // We don't have to return to it again
              common_set_returnto(null);
+           $url = common_inject_session($url);
          } else {
              $url = common_local_url('all',
                                      array('nickname' =>
author	Evan Prodromou <evan@status.net>
	Mon, 11 Jan 2010 08:40:22 +0000 (08:40 +0000)
committer	root <root@ip-10-250-162-129.ec2.internal>
	Mon, 11 Jan 2010 08:40:22 +0000 (08:40 +0000)