hatecomputers
/
hatecomputers.club
6
0
Fork 0
Code Issues 2 Pull Requests Packages Projects Releases Wiki Activity

don't verify empty cookies
continuous-integration/drone/push Build is passing Details

This commit is contained in:
Elizabeth Hunt 2024-03-28 11:06:31 -06:00
parent b2fc689bdc
commit dee173cc63
Signed by untrusted user who does not match committer: simponic
GPG Key ID: 52B3774857EB24B1
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
api/auth.go
View File

@ -169,7 +169,7 @@ func VerifySessionContinuation(context *RequestContext, req *http.Request, resp
user, userErr := getUserFromAuthHeader(context.DBConn, authHeader) user, userErr := getUserFromAuthHeader(context.DBConn, authHeader)
sessionCookie, err := req.Cookie("session") sessionCookie, err := req.Cookie("session")
if err == nil { if err == nil && sessionCookie.Value != "" {
user, userErr = getUserFromSession(context.DBConn, sessionCookie.Value) user, userErr = getUserFromSession(context.DBConn, sessionCookie.Value)
} }
@ -180,6 +180,8 @@ func VerifySessionContinuation(context *RequestContext, req *http.Request, resp
Name: "session", Name: "session",
MaxAge: 0, // reset session cookie in case MaxAge: 0, // reset session cookie in case
}) })
context.User = nil
return failure(context, req, resp) return failure(context, req, resp)
} }