Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
-
None
Description
The "authenticated" property from /_session should only appear when authentication has occurred.
In 2.0 we extracted the 'admin party' handling into its own handler and this introduced the side-effect that all GET's to /_session are handled by an authentication handler.
chttpd:maybe_set_handler makes the assumption that if a handler sets #httpd.user_ctx to a #user_ctx record that authentication has taken place. This is not always true.