don't verify empty cookies

author: Elizabeth Hunt <elizabeth.hunt@simponic.xyz> 2024-03-28 11:06:31 -0600
committer: Elizabeth Hunt <elizabeth.hunt@simponic.xyz> 2024-03-28 11:06:31 -0600
commit: dee173cc63d3b51d47c1a321096a4963fe458075 (patch)
tree: 4d235f17d46c0797b918ea26a924a094a69190a6 /api/auth.go
parent: b2fc689bdcff28bf75c0128db19ba4730d726b4f (diff)
download: hatecomputers.club-dee173cc63d3b51d47c1a321096a4963fe458075.tar.gz
hatecomputers.club-dee173cc63d3b51d47c1a321096a4963fe458075.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/api/auth.go b/api/auth.go
index dcddf5a..0294edd 100644
--- a/api/auth.go
+++ b/api/auth.go
@@ -169,7 +169,7 @@ func VerifySessionContinuation(context *RequestContext, req *http.Request, resp
 		user, userErr := getUserFromAuthHeader(context.DBConn, authHeader)
 
 		sessionCookie, err := req.Cookie("session")
-		if err == nil {
+		if err == nil && sessionCookie.Value != "" {
 			user, userErr = getUserFromSession(context.DBConn, sessionCookie.Value)
 		}
 
@@ -180,6 +180,8 @@ func VerifySessionContinuation(context *RequestContext, req *http.Request, resp
 				Name:   "session",
 				MaxAge: 0, // reset session cookie in case
 			})
+
+			context.User = nil
 			return failure(context, req, resp)
 		}
author	Elizabeth Hunt <elizabeth.hunt@simponic.xyz>	2024-03-28 11:06:31 -0600
committer	Elizabeth Hunt <elizabeth.hunt@simponic.xyz>	2024-03-28 11:06:31 -0600
commit	dee173cc63d3b51d47c1a321096a4963fe458075 (patch)
tree	4d235f17d46c0797b918ea26a924a094a69190a6 /api/auth.go
parent	b2fc689bdcff28bf75c0128db19ba4730d726b4f (diff)
download	hatecomputers.club-dee173cc63d3b51d47c1a321096a4963fe458075.tar.gz hatecomputers.club-dee173cc63d3b51d47c1a321096a4963fe458075.zip