From 5ada8633da1b049cc7339b065abe55462e7e1ab1 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Fri, 31 Aug 2012 21:15:01 +0100
Subject: [PATCH] wip before timeout

---
 cgi-auth-hybrid.pm | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/cgi-auth-hybrid.pm b/cgi-auth-hybrid.pm
index c5a6b37..a563042 100644
--- a/cgi-auth-hybrid.pm
+++ b/cgi-auth-hybrid.pm
@@ -29,8 +29,11 @@ sub new {
 	    param_name => 'cah_associd',
 	    cookie_name => 'cah_associd', # make undef to disable cookie
 	    cgi => undef,
-	    param_get => sub { $s->_c()->param($s->{S}{param_name}) },
-	    cookie_get => sub { $s->_c()->cookie($s->{S}{cookie_name}) : '' },
+	    get_param => sub { $s->_c()->param($s->{S}{param_name}) },
+	    get_cookie => sub { $s->{S}{cookie_name}
+				? $s->_c()->cookie($s->{S}{cookie_name})
+				: '' },
+	    get_method => sub { $s->_c()->request_method() },
 	},
 	D => undef,
     };
@@ -94,6 +97,10 @@ sub record_login ($$) {
 }
 
 sub check () {
-    my $passocid = $s->{S}{param_get}();
-    my $cassocid = $s->{S}{cookie_get}();
-    if (
+    my $qassocid = $s->{S}{param_get}();
+    if (!defined $qassocid) {
+	$qassocid = $s->{S}{cookie_get}();
+	return 0 unless defined $qassocid;
+	return 0 unless $s->{S}{get_method}() eq 'GET';
+    }
+    
-- 
2.30.2