Commit 2efc1b2a authored by o's avatar o
Browse files

keep login_token only when needed!

parent 1e3915a9
Pipeline #8197 passed with stages
in 3 minutes and 35 seconds
......@@ -83,9 +83,11 @@ class ApplicationController < ActionController::Base
cookies.encrypted[:logged_in] = l.to_json
end
def reset_user_session
def reset_user_session(keep_token=false)
unless session_expired?
url = session[:origin_url]
end
if keep_token
token = session[:login_token]
end
reset_session
......
......@@ -106,7 +106,7 @@ class LoginController < ApplicationController
def new
flash[:notice] = nil
new_login_session
new_login_session(true)
end
def nonce_js
......@@ -141,11 +141,11 @@ EOF
private
def new_login_session
def new_login_session(keep_token=false)
load_news_frame
f = flash[:notice]
fails = session[:auth_failures] || 0
reset_user_session
reset_user_session(keep_token)
params.delete(:user_id)
session[:auth_failures] = fails
flash[:notice] = f
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment