MantisBT: master aa042ae6

Author Committer Branch Timestamp Parent
jreese jreese master 2009-12-03 09:33 master 09b1691c
Affected Issues  0010930: User verification results in redirection loop
 0011031: Can not view changelog page without login as user
Changeset

Fix 0011031, 10930: fix anonymous user auto-login

The original issue with 10930 was that user verification, when checking
to see if a user was logged in, would trigger automatic login of the
anonymous user account, which would lead to a redirect loop, where each
page load would auto-login the anonymous user and immediately log them
out and redirect.

The original fix for this disabled auto-login of the anonymous user
account when calling auth_is_user_authenticated(), which broke
expectations of much of the codebase. By re-enabling auto-login, but
offering optional bypass of this process, it fixes both issues.

Any page expecting to correctly work with unauthenticated users will
need to pass a False parameter to the function to bypass automatic
anonymous login.

mod - verify.php Diff File
mod - core/authentication_api.php Diff File