diff options
| author | Elizabeth Hunt <elizabeth.hunt@simponic.xyz> | 2024-03-28 11:06:31 -0600 |
|---|---|---|
| committer | Elizabeth Hunt <elizabeth.hunt@simponic.xyz> | 2024-03-28 11:06:31 -0600 |
| commit | dee173cc63d3b51d47c1a321096a4963fe458075 (patch) | |
| tree | 4d235f17d46c0797b918ea26a924a094a69190a6 | |
| parent | b2fc689bdcff28bf75c0128db19ba4730d726b4f (diff) | |
| download | hatecomputers.club-dee173cc63d3b51d47c1a321096a4963fe458075.tar.gz hatecomputers.club-dee173cc63d3b51d47c1a321096a4963fe458075.zip | |
don't verify empty cookies
| -rw-r--r-- | api/auth.go | 4 | ||||
| -rw-r--r-- | templates/home.html | 2 |
2 files changed, 4 insertions, 2 deletions
diff --git a/api/auth.go b/api/auth.go index dcddf5a..0294edd 100644 --- a/api/auth.go +++ b/api/auth.go @@ -169,7 +169,7 @@ func VerifySessionContinuation(context *RequestContext, req *http.Request, resp user, userErr := getUserFromAuthHeader(context.DBConn, authHeader) sessionCookie, err := req.Cookie("session") - if err == nil { + if err == nil && sessionCookie.Value != "" { user, userErr = getUserFromSession(context.DBConn, sessionCookie.Value) } @@ -180,6 +180,8 @@ func VerifySessionContinuation(context *RequestContext, req *http.Request, resp Name: "session", MaxAge: 0, // reset session cookie in case }) + + context.User = nil return failure(context, req, resp) } diff --git a/templates/home.html b/templates/home.html index de52bef..1c03377 100644 --- a/templates/home.html +++ b/templates/home.html @@ -1,3 +1,3 @@ {{ define "content" }} -<p class="blinky">under construction!</p> + <p class="blinky">under construction!</p> {{ end }} |