saul365/commento
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

everywhere: use different session cookie names

Browse Source 
If the user is hosting the dashboard in the same domain as
their blog (with a nginx suburi, for example), the two session
cookies clash; logging into one service logs you out of the other.
With this patch, both have separate names.

Fixes https://gitlab.com/commento/commento-ce/issues/49
This commit is contained in:
Adhityaa
2018-06-20 08:59:55 +05:30
parent 76a286d884
commit ef0f45527a
45 changed files with 189 additions and 282 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
api/comment_vote.go
View File

@@ -45,7 +45,7 @@ func commentVote(commenterHex string, commentHex string, direction int) error {
func commentVoteHandler(w http.ResponseWriter, r *http.Request) {
type request struct {
Session *string `json:"session"`
CommenterToken *string `json:"commenterToken"`
CommentHex *string `json:"commentHex"`
Direction *int `json:"direction"`
}
@@ -56,12 +56,12 @@ func commentVoteHandler(w http.ResponseWriter, r *http.Request) {
return
}
if *x.Session == "anonymous" {
if *x.CommenterToken == "anonymous" {
writeBody(w, response{"success": false, "message": errorUnauthorisedVote.Error()})
return
}
c, err := commenterGetBySession(*x.Session)
c, err := commenterGetByCommenterToken(*x.CommenterToken)
if err != nil {
writeBody(w, response{"success": false, "message": err.Error()})
return