Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 08:36:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: introduce boolean res.locals flag to bypass session reroll (used by session-sharing)

Browse Source 
The session reroll logic is still standard practice, but in some cases, it is not necessary or causes UX issues. An issue opened in session sharing (julianlam/nodebb-plugin-session-sharing#95) brought this to attention in that parsing the cookie to log in the user caused a reroll (as expected), but caused the session open on other tabs to be mismatched. If "re-validate" was turned on, it basically meant that it was not possible to use NodeBB with multiple tabs.

Session sharing now sets `reroll` to `false` if re-validate is enabled.
This commit is contained in:
Julian Lam
2021-06-04 11:34:49 -04:00
parent 6632b2b6c3
commit 816856b0c6
1 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/controllers/authentication.js
View File

@@ -326,12 +326,16 @@ authenticationController.doLogin = async function (req, uid) {
return; return;
} }
const loginAsync = util.promisify(req.login).bind(req); const loginAsync = util.promisify(req.login).bind(req);
const regenerateSession = util.promisify(req.session.regenerate).bind(req.session);
const sessionData = { ...req.session }; const { reroll } = req.res.locals;
await regenerateSession(); if (reroll !== false) {
for (const [prop, value] of Object.entries(sessionData)) { const regenerateSession = util.promisify(req.session.regenerate).bind(req.session);
req.session[prop] = value;
const sessionData = { ...req.session };
await regenerateSession();
for (const [prop, value] of Object.entries(sessionData)) {
req.session[prop] = value;
}
} }
await loginAsync({ uid: uid }); await loginAsync({ uid: uid });