[#7906] in login post, pass a _session_id value in both POST and cookies, so it gets past CSRF checks
diff --git a/scripts/ApacheAccessHandler.py b/scripts/ApacheAccessHandler.py
index 1af3714..1ee9ebc 100644
--- a/scripts/ApacheAccessHandler.py
+++ b/scripts/ApacheAccessHandler.py
@@ -115,7 +115,11 @@
r = requests.post(auth_url, allow_redirects=False, data={
'username': username,
'password': password,
- 'return_to': '/login_successful'})
+ 'return_to': '/login_successful',
+ '_session_id': 'this-is-our-session',
+ }, cookies={
+ '_session_id': 'this-is-our-session',
+ })
return r.status_code == 302 and r.headers['location'].endswith('/login_successful')