everywhere: use different session cookie names
If the user is hosting the dashboard on the same domain as their blog (with an nginx sub-URI, for example), the two session cookies clash; logging into one service logs you out of the other. With this patch, both have separate names. Fixes https://gitlab.com/commento/commento-ce/issues/49
@ -192,36 +192,36 @@
|
||||
}
|
||||
|
||||
|
||||
function sessionGet() {
|
||||
var session = cookieGet("session");
|
||||
if (session === undefined)
|
||||
function commenterTokenGet() {
|
||||
var commenterToken = cookieGet("commenterToken");
|
||||
if (commenterToken === undefined)
|
||||
return "anonymous";
|
||||
|
||||
return session;
|
||||
return commenterToken;
|
||||
}
|
||||
|
||||
|
||||
global.logout = function() {
|
||||
cookieSet("session", "anonymous");
|
||||
cookieSet("commenterToken", "anonymous");
|
||||
refreshAll();
|
||||
}
|
||||
|
||||
|
||||
function selfGet(callback) {
|
||||
var session = sessionGet();
|
||||
if (session == "anonymous") {
|
||||
var commenterToken = commenterTokenGet();
|
||||
if (commenterToken == "anonymous") {
|
||||
isAuthenticated = false;
|
||||
call(callback);
|
||||
return;
|
||||
}
|
||||
|
||||
var json = {
|
||||
session: sessionGet(),
|
||||
"commenterToken": commenterTokenGet(),
|
||||
};
|
||||
|
||||
post(origin + "/api/commenter/self", json, function(resp) {
|
||||
if (!resp.success) {
|
||||
cookieSet("session", "anonymous");
|
||||
cookieSet("commenterToken", "anonymous");
|
||||
call(callback);
|
||||
return;
|
||||
}
|
||||
@ -344,9 +344,9 @@
|
||||
|
||||
function commentsGet(callback) {
|
||||
var json = {
|
||||
session: sessionGet(),
|
||||
domain: location.host,
|
||||
path: location.pathname,
|
||||
"commenterToken": commenterTokenGet(),
|
||||
"domain": location.host,
|
||||
"path": location.pathname,
|
||||
};
|
||||
|
||||
post(origin + "/api/comment/list", json, function(resp) {
|
||||
@ -487,7 +487,7 @@
|
||||
}
|
||||
|
||||
var json = {
|
||||
"session": sessionGet(),
|
||||
"commenterToken": commenterTokenGet(),
|
||||
"domain": location.host,
|
||||
"path": location.pathname,
|
||||
"parentHex": id,
|
||||
@ -773,7 +773,7 @@
|
||||
|
||||
global.commentApprove = function(commentHex) {
|
||||
var json = {
|
||||
"session": sessionGet(),
|
||||
"commenterToken": commenterTokenGet(),
|
||||
"commentHex": commentHex,
|
||||
}
|
||||
|
||||
@ -796,7 +796,7 @@
|
||||
|
||||
global.commentDelete = function(commentHex) {
|
||||
var json = {
|
||||
"session": sessionGet(),
|
||||
"commenterToken": commenterTokenGet(),
|
||||
"commentHex": commentHex,
|
||||
}
|
||||
|
||||
@ -826,7 +826,7 @@
|
||||
var score = $(ID_SCORE + commentHex);
|
||||
|
||||
var json = {
|
||||
"session": sessionGet(),
|
||||
"commenterToken": commenterTokenGet(),
|
||||
"commentHex": commentHex,
|
||||
"direction": direction,
|
||||
};
|
||||
@ -970,7 +970,7 @@
|
||||
|
||||
global.commentoAuth = function(provider) {
|
||||
if (provider == "anonymous") {
|
||||
cookieSet("session", "anonymous");
|
||||
cookieSet("commenterToken", "anonymous");
|
||||
chosenAnonymous = true;
|
||||
refreshAll();
|
||||
return;
|
||||
@ -978,15 +978,15 @@
|
||||
|
||||
var popup = window.open("", "_blank");
|
||||
|
||||
get(origin + "/api/commenter/session/new", function(resp) {
|
||||
get(origin + "/api/commenter/token/new", function(resp) {
|
||||
if (!resp.success) {
|
||||
errorShow(resp.message);
|
||||
return;
|
||||
}
|
||||
|
||||
cookieSet("session", resp.session);
|
||||
cookieSet("commenterToken", resp.commenterToken);
|
||||
|
||||
popup.location = origin + "/api/oauth/" + provider + "/redirect?session=" + resp.session;
|
||||
popup.location = origin + "/api/oauth/" + provider + "/redirect?commenterToken=" + resp.commenterToken;
|
||||
|
||||
var interval = setInterval(function() {
|
||||
if (popup.closed) {
|
||||
@ -1144,8 +1144,8 @@
|
||||
|
||||
function loginUP(username, password) {
|
||||
var json = {
|
||||
email: username,
|
||||
password: password,
|
||||
"email": username,
|
||||
"password": password,
|
||||
};
|
||||
|
||||
post(origin + "/api/commenter/login", json, function(resp) {
|
||||
@ -1155,7 +1155,7 @@
|
||||
return
|
||||
}
|
||||
|
||||
cookieSet("session", resp.session);
|
||||
cookieSet("commenterToken", resp.commenterToken);
|
||||
refreshAll();
|
||||
});
|
||||
}
|
||||
@ -1176,10 +1176,10 @@
|
||||
var password = $(ID_LOGIN_BOX_PASSWORD_INPUT);
|
||||
|
||||
var json = {
|
||||
email: email.value,
|
||||
name: name.value,
|
||||
website: website.value,
|
||||
password: password.value,
|
||||
"email": email.value,
|
||||
"name": name.value,
|
||||
"website": website.value,
|
||||
"password": password.value,
|
||||
};
|
||||
|
||||
post(origin + "/api/commenter/new", json, function(resp) {
|
||||
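Review bot: The OAuth redirect in `commentoAuth` still carries the credential in the query string: `popup.location = origin + "/api/oauth/" + provider + "/redirect?commenterToken=" + resp.commenterToken;`. A value placed in a URL ends up in browser history and in server or proxy access logs, and the same value is stored as the `commenterToken` cookie one line earlier, so it presumably becomes the commenter's credential once the provider flow completes. At minimum wrap both interpolated parts in `encodeURIComponent(...)`; a stronger fix is for the redirect endpoint to accept a separate short-lived, single-use state value instead of the long-lived token. The callback passed to `get(...)` continues past the end of the hunk, so how the popup result is handled is not visible here.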
|
@ -36,9 +36,9 @@
|
||||
// Creates a new domain.
|
||||
global.domainNewHandler = function() {
|
||||
var json = {
|
||||
session: global.cookieGet("session"),
|
||||
name: $("#new-domain-name").val(),
|
||||
domain: $("#new-domain-domain").val(),
|
||||
"ownerToken": global.cookieGet("ownerToken"),
|
||||
"name": $("#new-domain-name").val(),
|
||||
"domain": $("#new-domain-domain").val(),
|
||||
}
|
||||
|
||||
global.buttonDisable("#add-site-button");
|
||||
@ -66,7 +66,7 @@
|
||||
// Refreshes the list of domains.
|
||||
global.domainRefresh = function(callback) {
|
||||
var json = {
|
||||
session: global.cookieGet("session"),
|
||||
ownerToken: global.cookieGet("ownerToken"),
|
||||
};
|
||||
|
||||
global.post(global.commentoOrigin + "/api/domain/list", json, function(resp) {
|
||||
@ -107,8 +107,8 @@
|
||||
// Updates a domain with the backend.
|
||||
global.domainUpdate = function(domain, callback) {
|
||||
var json = {
|
||||
session: global.cookieGet("session"),
|
||||
domain: domain,
|
||||
"ownerToken": global.cookieGet("ownerToken"),
|
||||
"domain": domain,
|
||||
};
|
||||
|
||||
global.post(global.commentoOrigin + "/api/domain/update", json, function(resp) {
|
||||
@ -126,8 +126,8 @@
|
||||
// Deletes a domain.
|
||||
global.domainDelete = function(domain, callback) {
|
||||
var json = {
|
||||
session: global.cookieGet("session"),
|
||||
domain: domain,
|
||||
"ownerToken": global.cookieGet("ownerToken"),
|
||||
"domain": domain,
|
||||
};
|
||||
|
||||
global.post(global.commentoOrigin + "/api/domain/delete", json, function(resp) {
|
||||
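Review bot: Every request in this section, starting with `"ownerToken": global.cookieGet("ownerToken")` in `domainNewHandler`, reads the owner credential from a cookie through script, so that cookie cannot be `HttpOnly` and any script running on the same origin can read it. This matters most in the deployment the commit message describes, where the dashboard shares a domain with the blog: a cookie path is not a security boundary, so a script injected anywhere on that origin could obtain the owner token. Consider having the server set the token as an `HttpOnly`, `Secure`, `SameSite` cookie and authenticate from the Cookie header, or document that the dashboard should be served from its own origin. The same pattern appears in the later dashboard sections on this page, including the login hunk that calls `global.cookieSet("ownerToken", resp.ownerToken)`. As a style point, `ownerToken: global.cookieGet("ownerToken"),` in `domainRefresh` is left unquoted while the other renamed keys are quoted.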
|
@ -12,9 +12,9 @@
|
||||
var data = global.dashboard.$data;
|
||||
|
||||
var json = {
|
||||
session: global.cookieGet("session"),
|
||||
domain: data.domains[data.cd].domain,
|
||||
url: url,
|
||||
"ownerToken": global.cookieGet("ownerToken"),
|
||||
"domain": data.domains[data.cd].domain,
|
||||
"url": url,
|
||||
}
|
||||
|
||||
global.buttonDisable("#disqus-import-button");
|
||||
|
@ -13,9 +13,9 @@
|
||||
var email = $("#new-mod").val();
|
||||
|
||||
var json = {
|
||||
session: global.cookieGet("session"),
|
||||
domain: data.domains[data.cd].domain,
|
||||
email: email,
|
||||
"ownerToken": global.cookieGet("ownerToken"),
|
||||
"domain": data.domains[data.cd].domain,
|
||||
"email": email,
|
||||
}
|
||||
|
||||
var idx = -1;
|
||||
@ -53,9 +53,9 @@
|
||||
var data = global.dashboard.$data;
|
||||
|
||||
var json = {
|
||||
session: global.cookieGet("session"),
|
||||
domain: data.domains[data.cd].domain,
|
||||
email: email,
|
||||
"ownerToken": global.cookieGet("ownerToken"),
|
||||
"domain": data.domains[data.cd].domain,
|
||||
"email": email,
|
||||
}
|
||||
|
||||
var idx = -1;
|
||||
|
@ -38,8 +38,8 @@
|
||||
var data = global.dashboard.$data;
|
||||
|
||||
var json = {
|
||||
session: global.cookieGet("session"),
|
||||
domain: data.domains[data.cd].domain,
|
||||
"ownerToken": global.cookieGet("ownerToken"),
|
||||
"domain": data.domains[data.cd].domain,
|
||||
}
|
||||
|
||||
$(".view").hide();
|
||||
|
@ -65,7 +65,7 @@
|
||||
return;
|
||||
}
|
||||
|
||||
global.cookieSet("session", resp.session);
|
||||
global.cookieSet("ownerToken", resp.ownerToken);
|
||||
document.location = "/dashboard";
|
||||
});
|
||||
};
|
||||
|
@ -1,7 +1,7 @@
|
||||
(function (global, document) {
|
||||
|
||||
global.logout = function() {
|
||||
global.cookieSet("session", "");
|
||||
global.cookieSet("ownerToken", "");
|
||||
document.location = "/login";
|
||||
}
|
||||
|
||||
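Review bot: `global.logout` only overwrites the cookie on the client (`global.cookieSet("ownerToken", "");`) and, as far as this hunk shows, never asks the server to invalidate the token, so a token copied before logout would presumably remain valid. Consider invalidating the token server-side before redirecting to `/login`. Because this commit renames the cookie, browsers that logged in before the upgrade keep a stale `session` cookie holding the old value; a one-time cleanup such as `global.cookieSet("session", "");` here would avoid leaving it behind. The enclosing IIFE continues outside the hunk.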
|
@ -3,7 +3,7 @@
|
||||
// Get self details.
|
||||
global.selfGet = function(callback) {
|
||||
var json = {
|
||||
"session": global.cookieGet("session"),
|
||||
"ownerToken": global.cookieGet("ownerToken"),
|
||||
};
|
||||
|
||||
global.post(global.commentoOrigin + "/api/owner/self", json, function(resp) {
|
||||
|