FIX: Cleanup authentication_data cookie after login (#11834)

This cookie is only used during login. Having it persist after that can cause some unusual behavior, especially for sites with short session lengths. We were already deleting the cookie following a new signup, but not for existing users. This commit moves the cookie deletion logic out of the erb template, and adds logic and tests to ensure it is always deleted consistently. Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2025-02-25 18:55:32 -06:00 · 2021-01-25 13:47:44 +00:00
parent e65c5b0aad
commit 2092152b03
3 changed files with 27 additions and 5 deletions
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -560,4 +560,16 @@ module ApplicationHelper
      end
    end
  end
+
+  def authentication_data
+    return @authentication_data if defined?(@authentication_data)
+
+    @authentication_data = begin
+      value = cookies[:authentication_data]
+      if value
+        cookies.delete(:authentication_data, path: Discourse.base_path("/"))
+      end
+      current_user ? nil : value
+    end
+  end
 end