everywhere: use different session cookie names

If the user is hosting the dashboard in the same domain as their blog (with a nginx suburi, for example), the two session cookies clash; logging into one service logs you out of the other. With this patch, both have separate names. Fixes https://gitlab.com/commento/commento-ce/issues/49
2025-06-29 22:56:37 -04:00 · 2018-06-20 08:59:55 +05:30
parent 76a286d884
commit ef0f45527a
45 changed files with 189 additions and 282 deletions
--- a/frontend/js/dashboard-domain.js
+++ b/frontend/js/dashboard-domain.js
@ -36,9 +36,9 @@
  // Creates a new domain.
  global.domainNewHandler = function() {
    var json = {
-      session: global.cookieGet("session"),
-      name: $("#new-domain-name").val(),
-      domain: $("#new-domain-domain").val(),
+      "ownerToken": global.cookieGet("ownerToken"),
+      "name": $("#new-domain-name").val(),
+      "domain": $("#new-domain-domain").val(),
    }

    global.buttonDisable("#add-site-button");
@ -66,7 +66,7 @@
  // Refreshes the list of domains.
  global.domainRefresh = function(callback) {
    var json = {
-      session: global.cookieGet("session"),
+      ownerToken: global.cookieGet("ownerToken"),
    };

    global.post(global.commentoOrigin + "/api/domain/list", json, function(resp) {
@ -107,8 +107,8 @@
  // Updates a domain with the backend.
  global.domainUpdate = function(domain, callback) {
    var json = {
-      session: global.cookieGet("session"),
-      domain: domain,
+      "ownerToken": global.cookieGet("ownerToken"),
+      "domain": domain,
    };

    global.post(global.commentoOrigin + "/api/domain/update", json, function(resp) {
@ -126,8 +126,8 @@
  // Deletes a domain.
  global.domainDelete = function(domain, callback) {
    var json = {
-      session: global.cookieGet("session"),
-      domain: domain,
+      "ownerToken": global.cookieGet("ownerToken"),
+      "domain": domain,
    };

    global.post(global.commentoOrigin + "/api/domain/delete", json, function(resp) {