saul365/commento
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

everywhere: use different session cookie names

Browse Source 
If the user is hosting the dashboard in the same domain as
their blog (with a nginx suburi, for example), the two session
cookies clash; logging into one service logs you out of the other.
With this patch, both have separate names.

Fixes https://gitlab.com/commento/commento-ce/issues/49
This commit is contained in:
Adhityaa
2018-06-20 08:59:55 +05:30
parent 76a286d884
commit ef0f45527a
45 changed files with 189 additions and 282 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
api/domain_moderator_delete.go
View File

@@ -24,7 +24,7 @@ func domainModeratorDelete(domain string, email string) error {
func domainModeratorDeleteHandler(w http.ResponseWriter, r *http.Request) {
type request struct {
Session *string `json:"session"`
OwnerToken *string `json:"ownerToken"`
Domain *string `json:"domain"`
Email *string `json:"email"`
}
@@ -35,7 +35,7 @@ func domainModeratorDeleteHandler(w http.ResponseWriter, r *http.Request) {
return
}
o, err := ownerGetBySession(*x.Session)
o, err := ownerGetByOwnerToken(*x.OwnerToken)
if err != nil {
writeBody(w, response{"success": false, "message": err.Error()})
return