--- loncom/auth/migrateuser.pm	2014/10/06 00:48:44	1.23
+++ loncom/auth/migrateuser.pm	2020/10/23 20:58:08	1.25.2.3
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Starts a user off based of an existing token.
 #
-# $Id: migrateuser.pm,v 1.23 2014/10/06 00:48:44 raeburn Exp $
+# $Id: migrateuser.pm,v 1.25.2.3 2020/10/23 20:58:08 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -37,12 +37,15 @@ use Apache::lonlocal;
 use Apache::lonlogin();
 
 sub goto_login {
-    my ($r) = @_;
+    my ($r,$domain) = @_;
     &Apache::loncommon::content_type($r,'text/html');
     $r->send_http_header;
+    my $url = '/adm/login';
+    if ($domain) {
+        $url .= '?domain='.$domain;
+    }
     $r->print(&Apache::loncommon::start_page('Going to login',undef,
-					     {'redirect' =>
-						  [0,'/adm/login'],}).
+					     {'redirect' => [0,$url],}).
 	      '<h1>'.&mt('One moment please...').'</h1>'.
 	      '<p>'.&mt('Transferring to login page.').'</p>'.
 	      &Apache::loncommon::end_page());
@@ -168,15 +171,23 @@ sub ip_changed {
                     }
                 }
             }
+            unless ($hosthere) {
+                if (($dataref->{'balancer'}) && ($dataref->{'balcookie'})) {
+                    &Apache::lonnet::delbalcookie($dataref->{'balcookie'},$dataref->{'balancer'});
+                }
+            }
         }
         if ($dataref->{'sso.login'}) {
             $url .= '/adm/roles';
         } else {
             $url .= '/adm/login';
+            if ($udom) {
+                $url .= '?domain='.$udom;
+            }
             $message .= '<br />'.&mt('You will need to provide your password one more time.');
         }
         my %info= (
-                    'domain'          => $dataref->{'domain'},
+                    'domain'          => $udom,
                     'username'        => $dataref->{'username'},
                     'role'            => $dataref->{'role'},
                     'sessionserver'   => $lonhost,
@@ -189,7 +200,8 @@ sub ip_changed {
         }
         my $iptoken = &Apache::lonnet::tmpput(\%info,$switchto);
         unless ($iptoken eq 'conlost') {
-            $url .= '?iptoken='.$iptoken;
+            $url .= ($url =~ /\?/) ? '&' : '?';
+            $url .= 'iptoken='.$iptoken;
         }
         $r->print(&Apache::loncommon::start_page($title,undef,
                                                  {'redirect' =>
@@ -223,24 +235,59 @@ sub handler {
         return &goto_login($r);
     }
     if ($data{'ip'} ne $ENV{'REMOTE_ADDR'}) {
+        &Apache::lonnet::logthis('IP change when session migration requested -- was: '.
+                 $data{'ip'}.'; now: '.$ENV{'REMOTE_ADDR'}.' for '.$data{'username'}.':'.$data{'domain'});
 	return &ip_changed($r,$data{'domain'},$data{'server'},\%data);
     }
 
     &Apache::lonnet::logthis("Allowing access for $data{'username'}:$data{'domain'} to $data{'role'}");
     my $home=&Apache::lonnet::homeserver($data{'username'},$data{'domain'});
-    if ($home =~ /(con_lost|no_such_host)/) { return &goto_login($r); }
+    my $udom;
+    if (&Apache::lonnet::domain($data{'domain'})) {
+        $udom=$data{'domain'};
+    }
+    if ($home =~ /(con_lost|no_such_host)/) { return &goto_login($r,$udom); }
 
     my $extra_env = &sso_check(\%data);
+    if (($data{'balancer'}) && ($data{'server'}) && ($data{'balcookie'})) {
+        if (ref($extra_env) eq 'HASH') {
+            $extra_env->{'request.balancercookie'} = $data{'server'}.':'.$data{'balcookie'};
+        } else {
+            $extra_env = { 'request.balancercookie' => $data{'server'}.':'.$data{'balcookie'} };
+        }
+    } elsif (($data{'server'}) && ($data{'otherbalcookie'})) {
+        my ($balancer,$balcookie) = split(/:/,$data{'otherbalcookie'});
+        if (defined(&Apache::lonnet::hostname($balancer)) && $balcookie =~ /^[a-f0-9]{32}$/) {
+            my $baldom = &Apache::lonnet::host_domain($balancer);
+            if (&Apache::lonnet::shared_institution($baldom)) {
+                my $cookieid = join('_',$udom,$data{'username'},$balcookie);
+                &Apache::lonnet::updatebalcookie($cookieid,$balancer,$data{'server'});
+                if (ref($extra_env) eq 'HASH') {
+                    $extra_env->{'request.balancercookie'} = $data{'otherbalcookie'};
+                } else {
+                    $extra_env = { 'request.balancercookie' => $data{'otherbalcookie'} };
+                }
+            }
+        }
+    }
 
-    my %form;
+    my (%form,$cid);
     if ($data{'symb'} ne '') {
         $form{'symb'} = $data{'symb'};
     }
     if ($data{'iptoken'} ne '') {
         $form{'iptoken'} = $data{'iptoken'};
     }
-
-    if (!$data{'role'}) {
+    if ($data{'noloadbalance'} ne '') {
+        $form{'noloadbalance'} = $data{'noloadbalance'};
+    }
+    if ($data{'role'}) {
+        if ($data{'role'} =~ m{\./($match_domain)/($match_courseid)(?:/\w+|$)}) {
+            unless (&Apache::lonnet::homeserver($2,$1) eq 'no_host') {
+                $cid = $1.'_'.$2;
+            }
+        }
+    } else {
 	my $handle = &Apache::lonnet::check_for_valid_session($r);
 	if ($handle) {
 	    &Apache::lonnet::transfer_profile_to_env($r->dir_config('lonIDsDir'),
@@ -270,7 +317,7 @@ sub handler {
         $next_url .= '&amp;orgurl='.&escape($data{'origurl'});
     }
     &Apache::lonauth::success($r,$data{'username'},$data{'domain'},$home,
-			      $next_url,$extra_env,\%form);
+			      $next_url,$extra_env,\%form,$cid);
     return OK;
 }