From b81149fa47edf38ebe2ed56e0653d3582cd96f91 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Mon, 25 Jul 2011 21:15:09 +0000 Subject: [PATCH] Remove autologin cookie on unverified request. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6316 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/controllers/application_controller.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index bfed52d84..1a9eb16d7 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -27,7 +27,10 @@ class ApplicationController < ActionController::Base exempt_from_layout 'builder', 'rsb' protect_from_forgery - + def handle_unverified_request + super + cookies.delete(:autologin) + end # Remove broken cookie after upgrade from 0.8.x (#4292) # See https://rails.lighthouseapp.com/projects/8994/tickets/3360 # TODO: remove it when Rails is fixed -- 2.39.5