From 9c282842a933e30a40053c72cf5add2ddf2af901 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Sat, 6 Jun 2009 10:20:27 +0000
Subject: Do not start user session when accessing atom feed with token-based authentication.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2779 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/application.rb | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
(limited to 'app')
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index fcf83c92a..6d6338ffa 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -42,19 +42,22 @@ class ApplicationController < ActionController::Base
 # Check the settings cache for each request
 Setting.check_cache
 # Find the current user
- self.logged_user = find_current_user
+ User.current = find_current_user
 end
 # Returns the current user or nil if no user is logged in
+ # and starts a session if needed
 def find_current_user
 if session[:user_id]
 # existing session
 (User.active.find(session[:user_id]) rescue nil)
 elsif cookies[:autologin] && Setting.autologin?
- # auto-login feature
- User.try_to_autologin(cookies[:autologin])
- elsif params[:key] && accept_key_auth_actions.include?(params[:action])
- # RSS key authentication
+ # auto-login feature starts a new session
+ user = User.try_to_autologin(cookies[:autologin])
+ session[:user_id] = user.id if user
+ user
+ elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
+ # RSS key authentication does not start a session
 User.find_by_rss_key(params[:key])
 end
 end
--
cgit v1.2.3
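Review bot: The autologin branch of find_current_user now writes `session[:user_id] = user.id if user` into whatever session the request arrived with, so a session identifier issued before authentication stays valid once the user is attached to it. If the interactive login path regenerates the session (not visible in this hunk), this branch should match it by adding `reset_session if user` on the line before the assignment. The feed-key branch is right to leave the session untouched, but its comment could say why: `# RSS key arrives in the URL, so it must never be promoted to a full session`. The class body continues outside the hunk, so callers that rely on the old `logged_user=` setter cannot be checked from here.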