Commit abfe2f41 authored by Romain Courteaud's avatar Romain Courteaud

[erp5_core] Fetch user name from __ac_name cookie

This restore the previous behaviour which has been dropped by nexedi/erp5@63c3da2b

Because getSecurityManager().getUser() always returns "Anonymous User" when Base_getAutoLogoutSessionKey is called (from CookieCrumbler.modifyRequest), all users were sharing the same session which leads to user being all the time logged out.
parent 71e5790f
......@@ -2,4 +2,4 @@ from AccessControl import getSecurityManager
from zExceptions import Unauthorized
if REQUEST is not None: # Cheap "do not call from URL" protection - not that the session key is secret
raise Unauthorized
return 'ac_cookie_' + str(getSecurityManager().getUser())
return 'ac_cookie_%s' % context.REQUEST.get('__ac_name', 'Anonymous User')
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment