everywhere: use different session cookie names

If the user is hosting the dashboard in the same domain as their blog (with a nginx suburi, for example), the two session cookies clash; logging into one service logs you out of the other. With this patch, both have separate names. Fixes https://gitlab.com/commento/commento-ce/issues/49
2018-06-20 08:59:55 +05:30
parent 76a286d884
commit ef0f45527a
45 changed files with 189 additions and 282 deletions
--- a/api/commenter_session.go
+++ b/api/commenter_session.go
@@ -4,8 +4,11 @@ import (
 	"time"
 )

+// A session is a 3-field entry of a token, a hex, and a creation date. Do
+// not confuse session and token; the token is just an identifying string,
+// while the session contains more information.
 type commenterSession struct {
-	Session      string    `json:"session"`
+	CommenterToken string    `json:"commenterToken"`
 	CommenterHex string    `json:"commenterHex"`
 	CreationDate time.Time `json:"creationDate"`
 }