From e3dfb26b904edb4645fee4b43e93a6d54e2e8041 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 23 Aug 2017 13:13:23 -0400 Subject: emailauth, passwordauth: Avoid leaving cgisess_* files in the system temp directory. Due to the use/abuse of CGI::Session to generate a token for the login process, a new session database was created for each login, and left behind afterwards. While each file is small, with many logings this could bloat the size of /tmp significantly. Fixed by making CGI::Session write to /dev/null, since there does not seem to be a way to entirely prevent the writing. This commit was sponsored by Henrik Riomar on Patreon. --- IkiWiki/Plugin/emailauth.pm | 2 +- IkiWiki/Plugin/passwordauth.pm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'IkiWiki') diff --git a/IkiWiki/Plugin/emailauth.pm b/IkiWiki/Plugin/emailauth.pm index 6674fe3d6..9c595dc86 100644 --- a/IkiWiki/Plugin/emailauth.pm +++ b/IkiWiki/Plugin/emailauth.pm @@ -148,7 +148,7 @@ sub gentoken ($$) { my $session=shift; eval q{use CGI::Session}; error($@) if $@; - my $token = CGI::Session->new->id; + my $token = CGI::Session->new("driver:DB_File", undef, {FileName => "/dev/null"})->id; IkiWiki::userinfo_set($email, "emailauthexpire", time+(60*60*24)); IkiWiki::userinfo_set($email, "emailauth", $token); IkiWiki::userinfo_set($email, "emailauthpostsignin", defined $session->param("postsignin") ? $session->param("postsignin") : ""); diff --git a/IkiWiki/Plugin/passwordauth.pm b/IkiWiki/Plugin/passwordauth.pm index 33b8efbed..8d99cf2f6 100644 --- a/IkiWiki/Plugin/passwordauth.pm +++ b/IkiWiki/Plugin/passwordauth.pm @@ -113,7 +113,7 @@ sub gentoken ($$;$) { eval q{use CGI::Session}; error($@) if $@; - my $token = CGI::Session->new->id; + my $token = CGI::Session->new("driver:DB_File", undef, {FileName => "/dev/null"})->id; if (! $reversable) { setpassword($user, $token, $tokenfield); } -- cgit v1.2.3