Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-06 22:40:14 -05:00
Code Issues Activity

Revert sessions to cookieSessions

Browse source 
no issue
- modified sessions to use cookieSession
- set max-age to 12 hrs
- modified logout to delete cookie completely
This commit is contained in:
Sebastian Gierlinger 2013-10-18 13:24:01 +02:00
parent 0437e16a7a
commit 2ee8f96829
2 changed files with 11 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
core/server.js
View file

@ -275,14 +275,9 @@ when(ghost.init()).then(function () {
// Session handling
// Pro tip: while in development mode cookieSession can be used
// to keep you logged in while restarting the server
server.use(express.cookieParser());
if (process.env.NODE_ENV === 'development'
&& ghost.config().hasOwnProperty('useCookieSession')
&& ghost.config().useCookieSession) {
server.use(express.cookieSession({ secret: ghost.dbHash, cookie: { maxAge: 60000000 }}));
} else {
server.use(express.session({ secret: ghost.dbHash, cookie: { maxAge: 60000000 }}));
}
server.use(express.cookieParser(ghost.dbHash));
server.use(express.cookieSession({ cookie : { maxAge: 12 * 60 * 60 * 1000 }}));
//enable express csrf protection
server.use(express.csrf());

41
core/server/controllers/admin.js
View file

@ -136,21 +136,9 @@ adminControllers = {
if (!denied) {
loginSecurity.push({ip: req.connection.remoteAddress, time: process.hrtime()[0]});
api.users.check({email: req.body.email, pw: req.body.password}).then(function (user) {
if (process.env.NODE_ENV === 'development'
&& ghost.config().hasOwnProperty('useCookieSession')
&& ghost.config().useCookieSession) {
req.session.user = user.id;
res.json(200, {redirect: req.body.redirect ? '/ghost/'
+ decodeURIComponent(req.body.redirect) : '/ghost/'});
} else {
req.session.regenerate(function (err) {
if (!err) {
req.session.user = user.id;
res.json(200, {redirect: req.body.redirect ? '/ghost/'
+ decodeURIComponent(req.body.redirect) : '/ghost/'});
}
});
}
}, function (error) {
res.json(401, {error: error.message});
});
@ -190,23 +178,10 @@ adminControllers = {
password: password
}).then(function (user) {
api.settings.edit('email', email).then(function () {
if (process.env.NODE_ENV === 'development'
&& ghost.config().hasOwnProperty('useCookieSession')
&& ghost.config().useCookieSession) {
if (req.session.user === undefined) {
req.session.user = user.id;
}
res.json(200, {redirect: '/ghost/'});
} else {
req.session.regenerate(function (err) {
if (!err) {
if (req.session.user === undefined) {
req.session.user = user.id;
}
res.json(200, {redirect: '/ghost/'});
}
});
}
});
}).otherwise(function (error) {
res.json(401, {error: error.message});
@ -254,13 +229,7 @@ adminControllers = {
}).otherwise(errors.logAndThrowError);
},
'logout': function (req, res) {
if (process.env.NODE_ENV === 'development'
&& ghost.config().hasOwnProperty('useCookieSession')
&& ghost.config().useCookieSession) {
delete req.session.user;
} else {
req.session.destroy();
}
req.session = null;
var notification = {
type: 'success',
message: 'You were successfully signed out',
@ -400,13 +369,7 @@ adminControllers = {
};
return api.notifications.add(notification).then(function () {
if (process.env.NODE_ENV === 'development'
&& ghost.config().hasOwnProperty('useCookieSession')
&& ghost.config().useCookieSession) {
delete req.session.user;
} else {
req.session.destroy();
}
req.session = null;
res.set({
"X-Cache-Invalidate": "/*"
});