diff options
| author | Elizabeth Hunt <elizabeth.hunt@simponic.xyz> | 2024-03-28 11:06:31 -0600 |
|---|---|---|
| committer | Elizabeth Hunt <elizabeth.hunt@simponic.xyz> | 2024-03-28 11:06:31 -0600 |
| commit | dee173cc63d3b51d47c1a321096a4963fe458075 (patch) | |
| tree | 4d235f17d46c0797b918ea26a924a094a69190a6 /api | |
| parent | b2fc689bdcff28bf75c0128db19ba4730d726b4f (diff) | |
| download | hatecomputers.club-dee173cc63d3b51d47c1a321096a4963fe458075.tar.gz hatecomputers.club-dee173cc63d3b51d47c1a321096a4963fe458075.zip | |
don't verify empty cookies
Diffstat (limited to 'api')
| -rw-r--r-- | api/auth.go | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/api/auth.go b/api/auth.go index dcddf5a..0294edd 100644 --- a/api/auth.go +++ b/api/auth.go @@ -169,7 +169,7 @@ func VerifySessionContinuation(context *RequestContext, req *http.Request, resp user, userErr := getUserFromAuthHeader(context.DBConn, authHeader) sessionCookie, err := req.Cookie("session") - if err == nil { + if err == nil && sessionCookie.Value != "" { user, userErr = getUserFromSession(context.DBConn, sessionCookie.Value) } @@ -180,6 +180,8 @@ func VerifySessionContinuation(context *RequestContext, req *http.Request, resp Name: "session", MaxAge: 0, // reset session cookie in case }) + + context.User = nil return failure(context, req, resp) } |