From eedcd4c4de5d0028cd6a8b9de0f6497ce6897b50 Mon Sep 17 00:00:00 2001
From: Alexey Sokolov
Date: Thu, 16 Apr 2015 01:21:57 +0100
Subject: [PATCH] Fix rare conflict of HTTP-Basic auth and cookies. Fix #946
---
 src/HTTPSock.cpp | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/HTTPSock.cpp b/src/HTTPSock.cpp
index be1ef2b0..43c01958 100644
--- a/src/HTTPSock.cpp
+++ b/src/HTTPSock.cpp
@@ -122,7 +122,7 @@ void CHTTPSock::ReadLine(const CString& sData) {
 sLine.Token(2).Base64Decode(sUnhashed);
 m_sUser = sUnhashed.Token(0, false, ":");
 m_sPass = sUnhashed.Token(1, true, ":");
- m_bLoggedIn = OnLogin(m_sUser, m_sPass, true);
+ // Postpone authorization attempt until end of headers, because cookies should be read before that, otherwise session id will be overwritten in GetSession()
 } else if (sName.Equals("Content-Length:")) {
 m_uPostLen = sLine.Token(1).ToULong();
 if (m_uPostLen > MAX_POST_SIZE)
@@ -170,6 +170,14 @@ void CHTTPSock::ReadLine(const CString& sData) {
 } else if (sLine.empty()) {
 m_bGotHeader = true;
 
+ if (!m_sUser.empty()) {
+ m_bLoggedIn = OnLogin(m_sUser, m_sPass, true);
+ if (!m_bLoggedIn) {
+ // Error message already was sent
+ return;
+ }
+ }
+
 if (m_bPost) {
 m_sPostData = GetInternalReadBuffer();
 CheckPost();
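Review bot: The deferred login in the `sLine.empty()` branch uses `!m_sUser.empty()` as its only signal that an Authorization header was received, so a header whose decoded user part is empty now skips `OnLogin` entirely and the request presumably carries on down the unauthenticated path, where the old code would have attempted (and failed) the login. The inverse also needs checking: if `m_sUser` can be populated anywhere other than the Authorization branch in the first hunk, or survives from an earlier request on the same socket, this block would submit credentials the current request never sent; neither can be confirmed from the visible lines. A dedicated flag set in the Authorization branch and tested here (a new member, for example `m_bBasicAuth`, used as `if (m_bBasicAuth) {`) would state the intent directly. The early `return` relies on `OnLogin` having already written the failure response, and the comment should name that contract, e.g. `// OnLogin() has already sent the error response; do not dispatch the request`. ReadLine's body starts and ends outside both hunks.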