Fix issue with cookie expiration

Omar Roth 2019-03-17 12:40:24 -05:00
parent d85020079f
commit 44f4057876


@ -982,12 +982,11 @@ post "/login" do |env|
preferences = env.get("preferences").as(Preferences) preferences = env.get("preferences").as(Preferences)
PG_DB.exec("UPDATE users SET preferences = $1 WHERE email = $2", preferences, user.email) PG_DB.exec("UPDATE users SET preferences = $1 WHERE email = $2", preferences, user.email)
login.cookies["PREFS"] = HTTP::Cookie.new(name: "PREFS", value: "", expires: Time.new(1990, 1, 1), cookie = env.request.cookies["PREFS"]
secure: secure, http_only: true) cookie.expires = Time.new(1990, 1, 1)
env.response.cookies << cookie
end end
login.cookies.add_response_headers(env.response.headers)
env.redirect referer env.redirect referer
rescue ex rescue ex
error_message = translate(locale, "Login failed. This may be because two-factor authentication is not enabled on your account.") error_message = translate(locale, "Login failed. This may be because two-factor authentication is not enabled on your account.")
@ -1099,8 +1098,9 @@ post "/login" do |env|
# Since this user has already registered, we don't want to overwrite their preferences # Since this user has already registered, we don't want to overwrite their preferences
if env.request.cookies["PREFS"]? if env.request.cookies["PREFS"]?
env.response.cookies["PREFS"] = HTTP::Cookie.new(name: "PREFS", value: "", expires: Time.new(1990, 1, 1), cookie = env.request.cookies["PREFS"]
secure: secure, http_only: true) cookie.expires = Time.new(1990, 1, 1)
env.response.cookies << cookie
end end
elsif action == "register" elsif action == "register"
if !config.registration_enabled if !config.registration_enabled
@ -1156,11 +1156,12 @@ post "/login" do |env|
end end
if env.request.cookies["PREFS"]? if env.request.cookies["PREFS"]?
preferences = env.get("preferences").as(Preferences) preferences = env.get("preferences").as(Preferences).to_json
PG_DB.exec("UPDATE users SET preferences = $1 WHERE email = $2", preferences, user.email) PG_DB.exec("UPDATE users SET preferences = $1 WHERE email = $2", preferences, user.email)
env.response.cookies["PREFS"] = HTTP::Cookie.new(name: "PREFS", value: "", expires: Time.new(1990, 1, 1), cookie = env.request.cookies["PREFS"]
secure: secure, http_only: true) cookie.expires = Time.new(1990, 1, 1)
env.response.cookies << cookie
end end
end end
@ -1193,9 +1194,8 @@ get "/signout" do |env|
env.request.cookies.each do |cookie| env.request.cookies.each do |cookie|
cookie.expires = Time.new(1990, 1, 1) cookie.expires = Time.new(1990, 1, 1)
env.response.cookies << cookie
end end
env.request.cookies.add_response_headers(env.response.headers)
end end
env.redirect referer env.redirect referer
@ -1803,8 +1803,8 @@ post "/delete_account" do |env|
env.request.cookies.each do |cookie| env.request.cookies.each do |cookie|
cookie.expires = Time.new(1990, 1, 1) cookie.expires = Time.new(1990, 1, 1)
env.response.cookies << cookie
end end
env.request.cookies.add_response_headers(env.response.headers)
end end
env.redirect referer env.redirect referer
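Review bot: The three PREFS blocks in `post "/login"` now expire the cookie by mutating the object parsed from the request and appending it to `env.response.cookies`, so the `Set-Cookie` sent back carries the client-supplied value and no longer sets the `secure: secure, http_only: true` attributes that the removed lines passed explicitly. A cookie parsed from a `Cookie:` header normally carries only a name and value, so path and domain are presumably absent as well, and a browser only drops its stored cookie when those match how it was issued. I would build the expiry cookie server-side instead, e.g. `env.response.cookies << HTTP::Cookie.new(name: "PREFS", value: "", expires: Time.new(1990, 1, 1), secure: secure, http_only: true)`, adding the path/domain used at issue time if that mismatch was the original bug. The same applies to the `env.request.cookies.each` loops in `get "/signout"` and `post "/delete_account"`, which echo every request cookie (presumably including the session value) back in response headers; those hunks do not show whether the session is also invalidated server-side, which is worth confirming because expiry alone depends on the client honouring it. All of these handlers start and end outside the visible lines.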