do cookie handling and session update only if logged in via web page

controllers/class.Login.php

@@ -35,9 +35,10 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
 		$dms = $this->params['dms'];
 		$settings = $this->params['settings'];
 		$session = $this->params['session'];
-		$sesstheme = $this->params['sesstheme'];
-		$referuri = $this->params['referuri'];
-		$lang = $this->params['lang'];
+		$source = isset($this->params['source']) ? $this->params['source'] : '';
+		$sesstheme = $this->getParam('sesstheme');
+		$referuri = $this->getParam('referuri');
+		$lang = $this->getParam('lang');
 		$login = $this->params['login'];
 		$pwd = $this->params['pwd'];
 
@@ -75,7 +76,7 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
 		 * return false and if the hook doesn't care at all, if must return null.
 		 */
 		if(!$user) {
-			$user = $this->callHook('authenticate');
+			$user = $this->callHook('authenticate', $source);
 			if(false === $user) {
 				if(empty($this->errormsg))
 					$this->setErrorMsg("authentication_failed");
@@ -166,6 +167,10 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
 		/* Clear login failures if login was successful */
 		$user->clearLoginFailures();
 
+		/* Setting the theme and language and all the cookie handling is
+		 * only done when authentication was requested from a weg page.
+		 */
+		if($source == 'web') {
 			// Capture the user's language and theme settings.
 			if ($lang) {
 				$user->setLanguage($lang);
@@ -234,6 +239,7 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
 					$lifetime = 0;
 				setcookie("mydms_session", $id, $lifetime, $settings->_httpRoot, null, false, true);
 			}
+		}
 
 		if($this->callHook('postLogin', $user)) {
 		}