PLT-6492 Use new cookie to determine if user is logged in (#6317)

* Use new cookie to determine if user is logged in * Add temporary code for 3.9 to prevent forced re-login
2025-02-25 18:55:24 -06:00 · 2017-05-04 16:36:31 -04:00
parent 1838f6c25e
commit fe95276ba8
7 changed files with 39 additions and 12 deletions
--- a/api/context.go
+++ b/api/context.go
@@ -185,6 +185,20 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		}
 	}

+	// TEMPORARY CODE FOR 3.9, REMOVE FOR 3.10
+	if cookie, err := r.Cookie(model.SESSION_COOKIE_TOKEN); err == nil && c.Session.UserId != "" {
+		if _, err = r.Cookie(model.SESSION_COOKIE_USER); err != nil {
+			http.SetCookie(w, &http.Cookie{
+				Name:    model.SESSION_COOKIE_USER,
+				Value:   c.Session.UserId,
+				Path:    "/",
+				MaxAge:  cookie.MaxAge,
+				Expires: cookie.Expires,
+				Secure:  cookie.Secure,
+			})
+		}
+	}
+
 	if h.isApi || h.isTeamIndependent {
 		c.setTeamURL(c.GetSiteURLHeader(), false)
 		c.Path = r.URL.Path
@@ -357,7 +371,15 @@ func (c *Context) RemoveSessionCookie(w http.ResponseWriter, r *http.Request) {
 		HttpOnly: true,
 	}

+	userCookie := &http.Cookie{
+		Name:   model.SESSION_COOKIE_USER,
+		Value:  "",
+		Path:   "/",
+		MaxAge: -1,
+	}
+
 	http.SetCookie(w, cookie)
+	http.SetCookie(w, userCookie)
 }

 func (c *Context) SetInvalidParam(where string, name string) {
--- a/app/login.go
+++ b/app/login.go
@@ -122,7 +122,17 @@ func DoLogin(w http.ResponseWriter, r *http.Request, user *model.User, deviceId
 		Secure:   secure,
 	}

+	userCookie := &http.Cookie{
+		Name:    model.SESSION_COOKIE_USER,
+		Value:   user.Id,
+		Path:    "/",
+		MaxAge:  maxAge,
+		Expires: expiresAt,
+		Secure:  secure,
+	}
+
 	http.SetCookie(w, sessionCookie)
+	http.SetCookie(w, userCookie)

 	return session, nil
 }
--- a/model/session.go
+++ b/model/session.go
@@ -11,6 +11,7 @@ import (

 const (
 	SESSION_COOKIE_TOKEN  = "MMAUTHTOKEN"
+	SESSION_COOKIE_USER   = "MMUSERID"
 	SESSION_CACHE_SIZE    = 35000
 	SESSION_PROP_PLATFORM = "platform"
 	SESSION_PROP_OS       = "os"
--- a/webapp/actions/global_actions.jsx
+++ b/webapp/actions/global_actions.jsx
@@ -457,7 +457,7 @@ export function clientLogout(redirectTo = '/') {
    ChannelStore.clear();
    stopPeriodicStatusUpdates();
    WebsocketActions.close();
-    localStorage.removeItem('currentUserId');
+    document.cookie = 'MMUSERID=;expires=Thu, 01 Jan 1970 00:00:01 GMT;';
    window.location.href = redirectTo;
 }

--- a/webapp/actions/user_actions.jsx
+++ b/webapp/actions/user_actions.jsx
@@ -51,8 +51,6 @@ import {getTeamMembersByIds, getMyTeamMembers} from 'mattermost-redux/actions/te
 export function loadMe(callback) {
    loadMeRedux()(dispatch, getState).then(
        () => {
-            localStorage.setItem('currentUserId', UserStore.getCurrentId());
-
            if (callback) {
                callback();
            }
@@ -741,7 +739,6 @@ export function webLogin(loginId, password, token, success, error) {
    login(loginId, password, token)(dispatch, getState).then(
        (ok) => {
            if (ok && success) {
-                localStorage.setItem('currentUserId', UserStore.getCurrentId());
                success();
            } else if (!ok && error) {
                const serverError = getState().requests.users.login.error;
--- a/webapp/root.jsx
+++ b/webapp/root.jsx
@@ -13,7 +13,6 @@ import PDFJS from 'pdfjs-dist';
 import * as Websockets from 'actions/websocket_actions.jsx';
 import {loadMeAndConfig} from 'actions/user_actions.jsx';
 import ChannelStore from 'stores/channel_store.jsx';
-import UserStore from 'stores/user_store.jsx';
 import * as I18n from 'i18n/i18n.jsx';

 // Import our styles
@@ -61,9 +60,7 @@ function preRenderSetup(callwhendone) {

    setUrl(window.location.origin);

-    const currentUserId = localStorage.getItem('currentUserId');
-
-    if (currentUserId) {
+    if (document.cookie.indexOf('MMUSERID=') > -1) {
        loadMeAndConfig(() => d1.resolve());
    } else {
        getClientConfig()(store.dispatch, store.getState).then(
@@ -85,7 +82,7 @@ function preRenderSetup(callwhendone) {
         () => {
             // Turn off to prevent getting stuck in a loop
             $(window).off('beforeunload');
-             if (UserStore.getCurrentUser()) {
+             if (document.cookie.indexOf('MMUSERID=') > -1) {
                 viewChannel('', ChannelStore.getCurrentId() || '')(dispatch, getState);
             }
             Websockets.close();
--- a/webapp/store/index.js
+++ b/webapp/store/index.js
@@ -77,6 +77,9 @@ export default function configureStore(initialState) {

                    persistor.purge();

+                    document.cookie = 'MMUSERID=;expires=Thu, 01 Jan 1970 00:00:01 GMT;';
+                    window.location.href = '/';
+
                    store.dispatch(batchActions([
                        {
                            type: General.OFFLINE_STORE_RESET,
@@ -84,9 +87,6 @@ export default function configureStore(initialState) {
                        }
                    ]));

-                    localStorage.removeItem('currentUserId');
-                    window.location.href = '/';
-
                    setTimeout(() => {
                        purging = false;
                    }, 500);