Commit f57456ca authored by o@immerda.ch's avatar o@immerda.ch

reset session id after login and logout

parent 0a280817
......@@ -95,5 +95,6 @@ class ApplicationController < ActionController::Base
def destroy_session
session[:user_id] = nil
session[:mail_crypt_recovery_token] = nil
reset_session
end
end
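Review bot: The two `session[...] = nil` assignments in destroy_session are dead once `reset_session` follows them, because reset_session discards the whole session hash and issues a new session id; the method can be reduced to `def destroy_session` / `reset_session` / `end`, which also makes it obvious that logout drops every key rather than just the two listed. One caveat worth recording in a comment: if the app uses a cookie-backed session store (not visible in this hunk), reset_session replaces the client's cookie but cannot revoke a copy of the old one, so true server-side invalidation would need a server-backed store. `# reset_session rotates the id and drops all keys; with a cookie store the old cookie is not revoked` would capture that for the next reader.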
......@@ -19,7 +19,6 @@ class SessionsController < ApplicationController
end
client_fails = Rails.cache.read(client_auth_key) || 0
total_fails = client_fails + u['auth_failures']
puts "fails: #{client_fails} ip / #{u['auth_failures']} u, locked: #{u['locked']}"
captcha = u['locked'] || total_fails > 10
{
# how many pow do we want from the client
......@@ -116,6 +115,8 @@ EOF
return render '2fa'
end
end
reset_session
unless @handoff
session[:user_id] = res['email']
update_session_expiry
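Review bot: `reset_session` here discards everything the action stored in the session earlier in the request, including any state the 2FA branch just above may have written and any flash set before this line, so anything the `@handoff` path or a later redirect expects from the session must be written after it, not before. If that ordering is intended, a comment such as `# rotate the session id after successful auth; nothing stored above this line survives` would make it explicit. The enclosing action starts and ends outside this hunk, so I could not confirm which session keys are set earlier in it; this is an assumption to check rather than a confirmed defect.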