emailauth, passwordauth: Avoid leaving cgisess_* files in the system temp directory.

Due to the use/abuse of CGI::Session to generate a token for the login
process, a new session database was created for each login, and left behind
afterwards. While each file is small, with many logings this could bloat
the size of /tmp significantly. Fixed by making CGI::Session write to
/dev/null, since there does not seem to be a way to entirely prevent the
writing.

This commit was sponsored by Henrik Riomar on Patreon.

2 files changed, 2 insertions, 2 deletions

diff --git a/IkiWiki/Plugin/emailauth.pm b/IkiWiki/Plugin/emailauth.pm
index 6674fe3d6..9c595dc86 100644
--- a/IkiWiki/Plugin/emailauth.pm
+++ b/IkiWiki/Plugin/emailauth.pm
@@ -148,7 +148,7 @@ sub gentoken ($$) {
 	my $session=shift;
 	eval q{use CGI::Session};
 	error($@) if $@;
-	my $token = CGI::Session->new->id;
+	my $token = CGI::Session->new("driver:DB_File", undef, {FileName => "/dev/null"})->id;
 	IkiWiki::userinfo_set($email, "emailauthexpire", time+(60*60*24));
 	IkiWiki::userinfo_set($email, "emailauth", $token);
 	IkiWiki::userinfo_set($email, "emailauthpostsignin", defined $session->param("postsignin") ? $session->param("postsignin") : "");
diff --git a/IkiWiki/Plugin/passwordauth.pm b/IkiWiki/Plugin/passwordauth.pm
index 33b8efbed..8d99cf2f6 100644
--- a/IkiWiki/Plugin/passwordauth.pm
+++ b/IkiWiki/Plugin/passwordauth.pm
@@ -113,7 +113,7 @@ sub gentoken ($$;$) {
 
 	eval q{use CGI::Session};
 	error($@) if $@;
-	my $token = CGI::Session->new->id;
+	my $token = CGI::Session->new("driver:DB_File", undef, {FileName => "/dev/null"})->id;
 	if (! $reversable) {
 		setpassword($user, $token, $tokenfield);
 	}