--- loncom/auth/lonauth.pm	2014/10/04 13:21:48	1.121.2.12
+++ loncom/auth/lonauth.pm	2017/06/06 22:34:37	1.121.2.16
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # User Authentication Module
 #
-# $Id: lonauth.pm,v 1.121.2.12 2014/10/04 13:21:48 raeburn Exp $
+# $Id: lonauth.pm,v 1.121.2.16 2017/06/06 22:34:37 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -73,7 +73,7 @@ sub success {
     }
 
 # ------------------------------------------------------------ Get cookie ready
-    $cookie="lonID=$cookie; path=/";
+    $cookie="lonID=$cookie; path=/; HttpOnly";
 # -------------------------------------------------------- Menu script and info
     my $destination = $lowerurl;
 
@@ -103,9 +103,7 @@ sub success {
         if ($destsymb =~ /___/) {
             # FIXME Need to deal with encrypted symbs and urls as needed.
             my ($map,$resid,$desturl)=split(/___/,$destsymb);
-            unless ($desturl=~/^(adm|editupload|public)/) {
-                $desturl = &Apache::lonnet::clutter($desturl);
-            }
+            $desturl = &Apache::lonnet::clutter($desturl);
             $desturl = &HTML::Entities::encode($desturl,'"<>&');
             $destsymb = &HTML::Entities::encode($destsymb,'"<>&');
             $destination .= 'destinationurl='.$desturl.
@@ -240,7 +238,6 @@ sub reroute {
 sub handler {
     my $r = shift;
     my $londocroot = $r->dir_config('lonDocRoot');
-    my $form;
 # Are we re-routing?
     if (-e "$londocroot/lon-status/reroute.txt") {
 	&reroute($r);
@@ -358,26 +355,7 @@ sub handler {
         (undef,$form{'iptoken'}) = split('=',$iptokenstr);
     }
 
-    my $keybin=pack("H16",$key);
-
-    my $cipher;
-    if ($Crypt::DES::VERSION>=2.03) {
-	$cipher=new Crypt::DES $keybin;
-    }
-    else {
-	$cipher=new DES $keybin;
-    }
-    my $upass='';
-    for (my $i=0;$i<=2;$i++) {
-	my $chunk=
-	    $cipher->decrypt(unpack("a8",pack("H16",substr($form{'upass'.$i},0,16))));
-
-	$chunk.=
-	    $cipher->decrypt(unpack("a8",pack("H16",substr($form{'upass'.$i},16,16))));
-
-	$chunk=substr($chunk,1,ord(substr($chunk,0,1)));
-	$upass.=$chunk;
-    }
+    my $upass = &Apache::loncommon::des_decrypt($key,$form{'upass0'});
 
 # ---------------------------------------------------------------- Authenticate
 
@@ -476,13 +454,25 @@ sub handler {
 
     unless ($hosthere) {
         ($is_balancer,$otherserver) =
-            &Apache::lonnet::check_loadbalancing($form{'uname'},$form{'udom'});
+            &Apache::lonnet::check_loadbalancing($form{'uname'},$form{'udom'},'login');
+        if ($is_balancer) {
+            if ($otherserver eq '') {
+                my $lowest_load;
+                ($otherserver,undef,undef,undef,$lowest_load) = &Apache::lonnet::choose_server($form{'udom'});
+                if ($lowest_load > 100) {
+                    $otherserver = &Apache::lonnet::spareserver($lowest_load,$lowest_load,1,$form{'udom'});
+                }
+            }
+            if ($otherserver ne '') {
+                my @hosts = &Apache::lonnet::current_machine_ids();
+                if (grep(/^\Q$otherserver\E$/,@hosts)) {
+                    $hosthere = $otherserver;
+                }
+            }
+        }
     }
 
-    if ($is_balancer) {
-        if (!$otherserver) { 
-            ($otherserver) = &Apache::lonnet::choose_server($form{'udom'});
-        }
+    if (($is_balancer) && (!$hosthere)) {
         if ($otherserver) {
             &success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect',undef,
                      \%form);
@@ -550,6 +540,9 @@ sub handler {
                 return OK;
             }
         }
+        if (($is_balancer) && ($hosthere)) {
+            $form{'noloadbalance'} = $hosthere;
+        }
         &success($r,$form{'uname'},$form{'udom'},$authhost,$firsturl,undef,
                  \%form);
         return OK;