From: Mitch Jackson <mitch@freeside.biz>
Date: Thu, 13 Sep 2018 04:44:54 +0000 (-0400)
Subject: RT# 80624 Browser check repeats if session changes
X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=54cfc5a8423cce81b8d5b9e01f82b078bf43ae5d

RT# 80624 Browser check repeats if session changes
---

diff --git a/httemplate/misc/edge_browser_check-header.html b/httemplate/misc/edge_browser_check-header.html
index e7666aec4..a88962be9 100644
--- a/httemplate/misc/edge_browser_check-header.html
+++ b/httemplate/misc/edge_browser_check-header.html
@@ -18,7 +18,10 @@
   </script>
 % }
 <%init>
-my $curuser = $FS::CurrentUser::CurrentUser;
+my $curuser    = $FS::CurrentUser::CurrentUser;
+my $session    = $FS::CurrentUser::CurrentSession;
+my $sessionkey = $session->sessionkey if $session;
+
 my $cgi = FS::UID::cgi();
 my $DEBUG = 0;
 
@@ -26,7 +29,8 @@ my $do_check = 0;
 $do_check = 1
   if $curuser
   && !$cgi->param('edge_browser_check')
-  && $curuser->get_pref('edge_bug_vulnerable') ne 'N';
+  && $sessionkey
+  && $curuser->get_pref('edge_bug_vulnerable') ne $sessionkey;
 
 my $force_redirect = $curuser->get_pref('edge_bug_vulnerable') eq 'Y' ? 1 : 0;
-</%init>
\ No newline at end of file
+</%init>
diff --git a/httemplate/misc/edge_browser_check-iframe.html b/httemplate/misc/edge_browser_check-iframe.html
index e804fc676..61ae9a0bd 100644
--- a/httemplate/misc/edge_browser_check-iframe.html
+++ b/httemplate/misc/edge_browser_check-iframe.html
@@ -19,16 +19,15 @@
 <%init>
 my $cgi = FS::UID::cgi();
 my $curuser = $FS::CurrentUser::CurrentUser;
+my $session = $FS::CurrentUser::CurrentSession;
+my $sessionkey = $session->sessionkey if $session;
 
 if ( $curuser ) {
   my $canary = $cgi->param('edge_browser_canary');
   $curuser->set_pref(
     'edge_bug_vulnerable',
 
-    $canary eq 'test' ? 'Y' : 'Y',
-
-    # Don't test this user's session for the next 10m
-    time() + 600,
+    $canary eq 'test' ? $sessionkey : 'Y',
   );
 }