authorUnknwon <u@gogs.io>2016-03-12 20:56:03 -0500
committerUnknwon <u@gogs.io>2016-03-12 20:56:03 -0500
commitb4f47a762338abe6ce3a6e3d6d0896b8a387228d (patch)
tree5823198cf6e1c3cc05f061d7c463f4761a844e90 /routers/user
parentaf8eccc02eaef5e6679dd15baf68492f25fb9f45 (diff)
#1891 attempt to fix invalid csrf token
Diffstat (limited to 'routers/user')
-rw-r--r--routers/user/auth.go6
1 files changed, 6 insertions, 0 deletions
diff --git a/routers/user/auth.go b/routers/user/auth.go
index 3af87c5844..646b878396 100644
--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@@ -63,6 +63,7 @@ func AutoSignIn(ctx *context.Context) (bool, error) {
isSucceed = true
ctx.Session.Set("uid", u.Id)
ctx.Session.Set("uname", u.Name)
+ ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubUrl)
return true, nil
}
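Review bot: Expiring the cookie on the added line only takes effect if the browser matches the path it was originally set with; the path used here is setting.AppSubUrl, while the path the CSRF middleware issues the cookie under is not visible in this hunk, so if the two differ the browser keeps the old cookie and the reset is a no-op — worth confirming against the middleware's cookie options. The identical expiry line is repeated in SignInPost and SignOut in this commit; a small helper such as `func clearCSRFCookie(ctx *context.Context) { ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubUrl) }` would keep the three sites in step if the cookie name or path ever changes. Unlike the SignInPost copy, this one carries no explanation; a comment such as `// Expire the CSRF cookie so a fresh token is generated after sign-in.` would help the next reader. AutoSignIn's body begins outside the hunk.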
@@ -116,6 +117,10 @@ func SignInPost(ctx *context.Context, form auth.SignInForm) {
ctx.Session.Set("uid", u.Id)
ctx.Session.Set("uname", u.Name)
+
+ // Clear whatever CSRF has right now, force to generate a new one
+ ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubUrl)
+
if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 {
ctx.SetCookie("redirect_to", "", -1, setting.AppSubUrl)
ctx.Redirect(redirectTo)
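Review bot: The new lines rotate the CSRF cookie right after the uid/uname session writes, but nothing in this hunk regenerates the session ID itself, so a session that existed before sign-in keeps its identifier across the privilege change; if the session middleware does not already rotate the ID on login, a regeneration step at this point would close that gap. Separately, the existing redirect just below the new lines passes a cookie-supplied `redirect_to` value straight to ctx.Redirect without checking that it is a site-local path; that predates this commit, but a guard such as `if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 && strings.HasPrefix(redirectTo, "/") && !strings.HasPrefix(redirectTo, "//") {` would limit it to relative targets (a `strings` import is needed if the file lacks one). SignInPost starts and ends outside the hunk.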
@@ -133,6 +138,7 @@ func SignOut(ctx *context.Context) {
ctx.Session.Delete("socialEmail")
ctx.SetCookie(setting.CookieUserName, "", -1, setting.AppSubUrl)
ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubUrl)
+ ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubUrl)
ctx.Redirect(setting.AppSubUrl + "/")
}