Reset session on login/logout (#4248).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3080 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent
4e3202d2a2
commit
0485d3a524
@ -61,12 +61,12 @@ class ApplicationController < ActionController::Base
|
|||||||
|
|
||||||
# Sets the logged in user
|
# Sets the logged in user
|
||||||
def logged_user=(user)
|
def logged_user=(user)
|
||||||
|
reset_session
|
||||||
if user && user.is_a?(User)
|
if user && user.is_a?(User)
|
||||||
User.current = user
|
User.current = user
|
||||||
session[:user_id] = user.id
|
session[:user_id] = user.id
|
||||||
else
|
else
|
||||||
User.current = User.anonymous
|
User.current = User.anonymous
|
||||||
session[:user_id] = nil
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
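Review bot: The new `reset_session` call at the top of `logged_user=` carries no comment explaining why it is there, and it is now the only thing that clears `session[:user_id]` on the anonymous branch, since the explicit `session[:user_id] = nil` was removed. I would add `# Start a fresh session on every login/logout so a session id issued before authentication is never reused afterwards (session fixation)` above the call, so a later cleanup does not drop it as redundant. The call also discards everything else held in the session, so any caller that needs a value to survive the assignment (none is visible in this hunk) has to read it before assigning `logged_user`.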
@ -182,6 +182,24 @@ class AccountTest < ActionController::IntegrationTest
|
|||||||
assert user.hashed_password.blank?
|
assert user.hashed_password.blank?
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def test_login_and_logout_should_clear_session
|
||||||
|
get '/login'
|
||||||
|
sid = session[:session_id]
|
||||||
|
|
||||||
|
post '/login', :username => 'admin', :password => 'admin'
|
||||||
|
assert_redirected_to 'my/page'
|
||||||
|
assert_not_equal sid, session[:session_id], "login should reset session"
|
||||||
|
assert_equal 1, session[:user_id]
|
||||||
|
sid = session[:session_id]
|
||||||
|
|
||||||
|
get '/'
|
||||||
|
assert_equal sid, session[:session_id]
|
||||||
|
|
||||||
|
get '/logout'
|
||||||
|
assert_not_equal sid, session[:session_id], "logout should reset session"
|
||||||
|
assert_nil session[:user_id]
|
||||||
|
end
|
||||||
|
|
||||||
else
|
else
|
||||||
puts 'Mocha is missing. Skipping tests.'
|
puts 'Mocha is missing. Skipping tests.'
|
||||||
end
|
end
|
||||||
|
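Review bot: The `sid = session[:session_id]` captured after `get '/login'` is never checked for presence, so if that request does not establish a session, `sid` is nil and `assert_not_equal sid, session[:session_id], "login should reset session"` passes without proving that the id was rotated. Adding `assert_not_nil sid` after each capture would make both comparisons meaningful. Separately, `assert_equal 1, session[:user_id]` ties the test to the fixture id of the admin account; comparing against `User.find_by_login('admin').id` states the intent directly.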