Index: openacs-4/packages/acs-tcl/tcl/security-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/security-procs.tcl,v diff -u -r1.78.2.31 -r1.78.2.32 --- openacs-4/packages/acs-tcl/tcl/security-procs.tcl 22 Sep 2016 17:23:35 -0000 1.78.2.31 +++ openacs-4/packages/acs-tcl/tcl/security-procs.tcl 29 Sep 2016 21:24:19 -0000 1.78.2.32 @@ -2180,10 +2180,12 @@ @return nothing } { - if {![info exists ::$tokenname]} { + if {![info exists ::$tokenname] || ![ns_conn isconnected]} { # - # If there is no global csrf token, we assume that the - # csrf token generation is deactivated, we accept everything. + # If there is no global csrf token, or we are not in a + # connection thread, we accept everything. If there is + # not csrf token, we assume, that its generation is + # deactivated, # return } @@ -2215,8 +2217,13 @@ @return session ID } { - if {[ad_conn untrusted_user_id] == 0} { + if {![ns_conn isconnected]} { # + # Must be a background job, take the address + # + set session_id [ns_info address] + } elseif {[ad_conn untrusted_user_id] == 0} { + # # Anonymous request, use a peer address as session_id # set session_id [ad_conn peeraddr]