Discource-C/discourse
1
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-21 11:25:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Revert "FIX: add path to cookies so sessions on the same domain but different subfolders don't log each other out"

Browse Source
This commit is contained in:
Neil Lalonde 2017-06-21 16:18:24 -04:00
parent aaaa93c216
commit 8fd915a11a
2 changed files with 1 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/auth/default_current_user_provider.rb
View File

@ -159,8 +159,7 @@ class Auth::DefaultCurrentUserProvider
value: unhashed_auth_token,
httponly: true,
expires: SiteSetting.maximum_session_age.hours.from_now,
secure: SiteSetting.force_https,
path: GlobalSetting.relative_url_root.nil? ? '/' : GlobalSetting.relative_url_root
secure: SiteSetting.force_https
}
if SiteSetting.same_site_cookies != "Disabled"

12
spec/components/auth/default_current_user_provider_spec.rb
View File

@ -245,18 +245,6 @@ describe Auth::DefaultCurrentUserProvider do
expect(cookies["_t"].key?(:same_site)).to eq(false)
end
it "cookies includes path" do
user = Fabricate(:user)
cookies = {}
provider('/').log_on_user(user, {}, cookies)
expect(cookies["_t"][:path]).to eq("/")
GlobalSetting.stubs(:relative_url_root).returns('/forum')
cookies = {}
provider('/').log_on_user(user, {}, cookies)
expect(cookies["_t"][:path]).to eq("/forum")
end
it "correctly expires session" do
SiteSetting.maximum_session_age = 2
user = Fabricate(:user)