jake/commento
1
Fork 0
mirror of https://gitlab.com/commento/commento.git synced 2025-06-29 22:56:37 -04:00
Code Releases Activity

everywhere: use different session cookie names

Browse Source 
If the user is hosting the dashboard in the same domain as
their blog (with a nginx suburi, for example), the two session
cookies clash; logging into one service logs you out of the other.
With this patch, both have separate names.

Fixes https://gitlab.com/commento/commento-ce/issues/49
This commit is contained in:
Adhityaa
2018-06-20 08:59:55 +05:30
parent 76a286d884
commit ef0f45527a
45 changed files with 189 additions and 282 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
api/oauth_google_callback.go
View File

@ -9,11 +9,11 @@ import (
)
func googleCallbackHandler(w http.ResponseWriter, r *http.Request) {
session := r.FormValue("state")
commenterToken := r.FormValue("state")
code := r.FormValue("code")
_, err := commenterSessionGet(session)
if err != nil && err != errorNoSuchSession {
_, err := commenterGetByCommenterToken(commenterToken)
if err != nil && err != errorNoSuchToken {
fmt.Fprintf(w, "Error: %s\n", err.Error())
return
}
@ -73,7 +73,7 @@ func googleCallbackHandler(w http.ResponseWriter, r *http.Request) {
commenterHex = c.CommenterHex
}
if err := commenterSessionUpdate(session, commenterHex); err != nil {
if err := commenterSessionUpdate(commenterToken, commenterHex); err != nil {
fmt.Fprintf(w, "Error: %s", err.Error())
return
}