diff options
Diffstat (limited to 'run.psgi')
-rw-r--r-- | run.psgi | 12 |
1 files changed, 4 insertions, 8 deletions
@@ -191,7 +191,7 @@ $builder->mount("/login" => sub($) { # $creds contains its own authentication ID; we're can't use # the session ID because the new one isn't available until # after the function exits - $req->session->{credentials} = Fripost::Session::->create($fp); + $req->session->{credentials} = Fripost::Session::->new($fp); # login was successful; get a new session ID now, to protect # against session fixation attacks @@ -239,9 +239,7 @@ $builder->mount("/logout" => sub($) { if (defined (eval { csrf_token_validate($req) })) { # silently try to destroy the session on the LDAP backend - Fripost::Session::destroy($req->session->{credentials}, - %CONFIG, onerror => sub($@) {} - ); + $req->session->{credentials}->destroy(%CONFIG, onerror => sub($@) {}); # force the session to expire in our local cache delete $req->session->{credentials}; @@ -273,10 +271,8 @@ $builder->mount($WELCOME_PAGE => sub($) { my %tmpl_params; my $r = eval { - # auth using the session credentials (refresh the entry) - Fripost::Session::authenticate($req->session->{credentials}, - %CONFIG, onerror => \&throw - ); + # authenticate the session credentials (and refresh the entry) + $req->session->{credentials}->authenticate(%CONFIG, onerror => \&throw); }; if (defined $r) { $tmpl_params{AUTHZID} = $req->session->{credentials}->{authzid}; |