cookie recovery cause we have been messing with it.

2013-02-24 21:50:34 +11:00 · 2013-02-24 21:50:34 +11:00 · fd2e9a99bf
parent b66db4153d
commit fd2e9a99bf
1 changed files with 11 additions and 1 deletions
--- a/lib/current_user.rb
+++ b/lib/current_user.rb
@ -17,7 +17,11 @@ module CurrentUser
      user.auth_token = SecureRandom.hex(16)
      user.save!
    end
-    cookies.permanent[:_t] = { :value => user.auth_token, :httponly => true }
+    set_permanent_cookie!(user)
+  end
+
+  def set_permanent_cookie!(user)
+    cookies.permanent["_t"] = { :value => user.auth_token, :httponly => true }
  end

  def current_user
@ -29,6 +33,12 @@ module CurrentUser
      session[:current_user_id] = @current_user.id if @current_user
    else
      @current_user ||= User.where(id: session[:current_user_id]).first
+      
+      # cookie recovery from session, we have been messing with it, fix it up
+      if @current_user && cookies["_t"] != @current_user.auth_token
+        set_permanent_cookie!(@current_user)
+      end
+
    end

    if @current_user && @current_user.is_banned?