Remove false cookies from the browser to avoid endless loops

[citadel.git] / webcit / webcit.c

diff --git a/webcit/webcit.c b/webcit/webcit.c
index 2ce94be12d1b7d3d78556c533071a9f80f2e1a98..851829af909102188879f11abb7e23bd2a602478 100644 (file)
--- a/webcit/webcit.c
+++ b/webcit/webcit.c
@@ -3,7 +3,7 @@
  * persistent session to the Citadel server, handling HTTP WebCit requests as
  * they arrive and presenting a user interface.
  *
- * Copyright (c) 1996-2012 by the citadel.org team
+ * Copyright (c) 1996-2013 by the citadel.org team
  *
  * This program is open source software.  You can redistribute it and/or
  * modify it under the terms of the GNU General Public License, version 3.
@@ -314,6 +314,11 @@ void authorization_required(void)
                PACKAGE_STRING, ChrPtr(WC->serv_info->serv_software)
        );
        hprintf("WWW-Authenticate: Basic realm=\"%s\"\r\n", ChrPtr(WC->serv_info->serv_humannode));
+
+       /* if this is a false cookie authentication, remove it to avoid endless loops. */
+       if (StrLength(WCC->Hdr->HR.RawCookie) > 0)
+               stuff_to_cookie(1);
+
        hprintf("Content-Type: text/html\r\n");
        begin_burst();
        wc_printf("<h1>");