don't verify empty cookies

2024-03-28 11:06:31 -06:00 · 2024-03-28 11:06:31 -06:00 · dee173cc63
parent b2fc689bdc
commit dee173cc63
2 changed files with 4 additions and 2 deletions
--- a/api/auth.go
+++ b/api/auth.go
@ -169,7 +169,7 @@ func VerifySessionContinuation(context *RequestContext, req *http.Request, resp
 		user, userErr := getUserFromAuthHeader(context.DBConn, authHeader)

 		sessionCookie, err := req.Cookie("session")
-		if err == nil {
+		if err == nil && sessionCookie.Value != "" {
 			user, userErr = getUserFromSession(context.DBConn, sessionCookie.Value)
 		}

@ -180,6 +180,8 @@ func VerifySessionContinuation(context *RequestContext, req *http.Request, resp
 				Name:   "session",
 				MaxAge: 0, // reset session cookie in case
 			})
+
+			context.User = nil
 			return failure(context, req, resp)
 		}

--- a/templates/home.html
+++ b/templates/home.html
@ -1,3 +1,3 @@
 {{ define "content" }}
-<p class="blinky">under construction!</p>
+  <p class="blinky">under construction!</p>
 {{ end }}