IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

FIX: add path to cookies so sessions on the same domain but different subfolders don't log each other out

Browse Source
This commit is contained in:
Neil Lalonde 2017-06-20 13:30:36 -04:00
parent 482365b943
commit 1716747810
2 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/auth/default_current_user_provider.rb
View File

@ -159,7 +159,8 @@ class Auth::DefaultCurrentUserProvider
value: unhashed_auth_token, value: unhashed_auth_token,
httponly: true, httponly: true,
expires: SiteSetting.maximum_session_age.hours.from_now, expires: SiteSetting.maximum_session_age.hours.from_now,
secure: SiteSetting.force_https secure: SiteSetting.force_https,
path: GlobalSetting.relative_url_root.nil? ? '/' : GlobalSetting.relative_url_root
} }
if SiteSetting.same_site_cookies != "Disabled" if SiteSetting.same_site_cookies != "Disabled"

12
spec/components/auth/default_current_user_provider_spec.rb
View File

@ -245,6 +245,18 @@ describe Auth::DefaultCurrentUserProvider do
expect(cookies["_t"].key?(:same_site)).to eq(false) expect(cookies["_t"].key?(:same_site)).to eq(false)
end end
it "cookies includes path" do
user = Fabricate(:user)
cookies = {}
provider('/').log_on_user(user, {}, cookies)
expect(cookies["_t"][:path]).to eq("/")
GlobalSetting.stubs(:relative_url_root).returns('/forum')
cookies = {}
provider('/').log_on_user(user, {}, cookies)
expect(cookies["_t"][:path]).to eq("/forum")
end
it "correctly expires session" do it "correctly expires session" do
SiteSetting.maximum_session_age = 2 SiteSetting.maximum_session_age = 2
user = Fabricate(:user) user = Fabricate(:user)