saul365/commento
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

everywhere: use different session cookie names

Browse Source 
If the user is hosting the dashboard in the same domain as
their blog (with a nginx suburi, for example), the two session
cookies clash; logging into one service logs you out of the other.
With this patch, both have separate names.

Fixes https://gitlab.com/commento/commento-ce/issues/49
This commit is contained in:
Adhityaa
2018-06-20 08:59:55 +05:30
parent 76a286d884
commit ef0f45527a
45 changed files with 189 additions and 282 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
api/commenter_get.go
View File

@@ -44,26 +44,26 @@ func commenterGetByEmail(provider string, email string) (commenter, error) {
return c, nil
}
func commenterGetBySession(session string) (commenter, error) {
if session == "" {
func commenterGetByCommenterToken(commenterToken string) (commenter, error) {
if commenterToken == "" {
return commenter{}, errorMissingField
}
statement := `
SELECT commenterHex
FROM commenterSessions
WHERE session = $1;
WHERE commenterToken = $1;
`
row := db.QueryRow(statement, session)
row := db.QueryRow(statement, commenterToken)
var commenterHex string
if err := row.Scan(&commenterHex); err != nil {
// TODO: is the only error?
return commenter{}, errorNoSuchSession
return commenter{}, errorNoSuchToken
}
if commenterHex == "none" {
return commenter{}, errorNoSuchSession
return commenter{}, errorNoSuchToken
}
return commenterGetByHex(commenterHex)