everywhere: use different session cookie names

If the user is hosting the dashboard in the same domain as their blog (with a nginx suburi, for example), the two session cookies clash; logging into one service logs you out of the other. With this patch, both have separate names. Fixes https://gitlab.com/commento/commento-ce/issues/49
2025-06-29 22:56:37 -04:00 · 2018-06-20 08:59:55 +05:30
parent 76a286d884
commit ef0f45527a
45 changed files with 189 additions and 282 deletions
--- a/api/oauth_google_redirect.go
+++ b/api/oauth_google_redirect.go
@ -12,14 +12,14 @@ func googleRedirectHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	session := r.FormValue("session")
+	commenterToken := r.FormValue("commenterToken")

-	_, err := commenterGetBySession(session)
-	if err != nil && err != errorNoSuchSession {
+	_, err := commenterGetByCommenterToken(commenterToken)
+	if err != nil && err != errorNoSuchToken {
 		fmt.Fprintf(w, "error: %s\n", err.Error())
 		return
 	}

-	url := googleConfig.AuthCodeURL(session)
+	url := googleConfig.AuthCodeURL(commenterToken)
 	http.Redirect(w, r, url, http.StatusFound)
 }