saul365/commento
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

everywhere: use different session cookie names

Browse Source 
If the user is hosting the dashboard in the same domain as
their blog (with a nginx suburi, for example), the two session
cookies clash; logging into one service logs you out of the other.
With this patch, both have separate names.

Fixes https://gitlab.com/commento/commento-ce/issues/49
This commit is contained in:
Adhityaa
2018-06-20 08:59:55 +05:30
parent 76a286d884
commit ef0f45527a
45 changed files with 189 additions and 282 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
api/commenter_session_update.go
View File

@@ -2,19 +2,19 @@ package main
import ()
func commenterSessionUpdate(session string, commenterHex string) error {
if session == "" || commenterHex == "" {
func commenterSessionUpdate(commenterToken string, commenterHex string) error {
if commenterToken == "" || commenterHex == "" {
return errorMissingField
}
statement := `
UPDATE commenterSessions
SET commenterHex=$2
WHERE session=$1;
SET commenterHex = $2
WHERE commenterToken = $1;
`
_, err := db.Exec(statement, session, commenterHex)
_, err := db.Exec(statement, commenterToken, commenterHex)
if err != nil {
logger.Errorf("error updating commenterHex in commenterSessions: %v", err)
logger.Errorf("error updating commenterHex: %v", err)
return errorInternal
}