--- loncom/auth/lonacc.pm	2014/06/17 23:22:10	1.157
+++ loncom/auth/lonacc.pm	2014/10/18 21:40:06	1.159
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.157 2014/06/17 23:22:10 raeburn Exp $
+# $Id: lonacc.pm,v 1.159 2014/10/18 21:40:06 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -307,7 +307,10 @@ sub sso_login {
     my %sessiondata;
     if ($form{'iptoken'}) {
         %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
-        my $delete = &Apache::lonnet::tmpdel($form{'token'});
+        my $delete = &Apache::lonnet::tmpdel($form{'iptoken'});
+        unless ($sessiondata{'sessionserver'}) {
+            delete($form{'iptoken'});
+        }
     }
 
     my $domain = $r->dir_config('lonSSOUserDomain');
@@ -319,8 +322,8 @@ sub sso_login {
 	&Apache::lonnet::logthis(" SSO authorized user $user ");
         my ($is_balancer,$otherserver,$hosthere);
         if ($form{'iptoken'}) {
-            if (($sessiondata{'domain'} eq $form{'udom'}) &&
-                ($sessiondata{'username'} eq $form{'uname'})) {
+            if (($sessiondata{'domain'} eq $domain) &&
+                ($sessiondata{'username'} eq $user)) {
                 $hosthere = 1;
             }
         }
@@ -361,7 +364,7 @@ sub sso_login {
 		      'server'    => $r->dir_config('lonHostID'),
 		      'sso.login' => 1
 		      );
-            foreach my $item ('role','symb') {
+            foreach my $item ('role','symb','iptoken') {
                 if (exists($form{$item})) {
                     $info{$item} = $form{$item};
                 }
@@ -442,7 +445,10 @@ sub handler {
     my ($is_balancer,$otherserver);
 
     if ($handle eq '') {
-        unless (($requrl eq '/adm/switchserver') && (!$r->is_initial_req())) {
+        unless ((($requrl eq '/adm/switchserver') && (!$r->is_initial_req())) ||
+                ($requrl =~ m{^/public/$match_domain/$match_courseid/syllabus}) ||
+                ($requrl =~ m{^/adm/help/}) ||
+                ($requrl =~ m{^/res/$match_domain/$match_username/})) {
 	    $r->log_reason("Cookie not valid", $r->filename);
         }
     } elsif ($handle ne '') {
@@ -563,6 +569,13 @@ sub handler {
 	if ($requrl !~ m{^/(?:adm|public|prtspool)/}
 	    || $requrl =~ /^\/adm\/.*\/(smppg|bulletinboard)(\?|$ )/x) {
 	    my $access=&Apache::lonnet::allowed('bre',$requrl);
+            if ($handle eq '') {
+                unless ($access eq 'F') {
+                    if ($requrl =~ m{^/res/$match_domain/$match_username/}) {
+                        $r->log_reason("Cookie not valid", $r->filename);
+                    }
+                }
+            }
 	    if ($access eq '1') {
 		$env{'user.error.msg'}="$requrl:bre:0:0:Choose Course";
 		return HTTP_NOT_ACCEPTABLE;