liquid_feedback_frontend
changeset 1523:3bd7f57f887a
Do not create new session for invalid oauth2 session request
| author | bsw |
|---|---|
| date | Thu Aug 20 15:51:44 2020 +0200 (2020-08-20) |
| parents | 71232f776a62 |
| children | 91375420c8c5 |
| files | app/main/_filter/20_session.lua |
line diff
1.1 --- a/app/main/_filter/20_session.lua Thu Aug 20 15:48:52 2020 +0200 1.2 +++ b/app/main/_filter/20_session.lua Thu Aug 20 15:51:44 2020 +0200 1.3 @@ -1,9 +1,10 @@ 1.4 local cookie = request.get_cookie{ name = config.cookie_name } 1.5 local cookie_samesite = request.get_cookie{ name = config.cookie_name_samesite } 1.6 1.7 +local oauth2_session_request = request.get_module() == "oauth2" and request.get_view() == "session" 1.8 + 1.9 if 1.10 - cookie and cookie ~= cookie_samesite 1.11 - and not (request.get_module() == "oauth2" and request.get_view() == "session") 1.12 + cookie and cookie ~= cookie_samesite and not oauth2_session_request 1.13 then 1.14 slot.put_into("error", _"Cookie error. Try restarting your web browser and login again.") 1.15 ui.script{ script = [[ 1.16 @@ -25,7 +26,8 @@ 1.17 if cookie then 1.18 app.session = Session:by_ident(cookie) 1.19 end 1.20 -if not app.session then 1.21 + 1.22 +if not app.session and not oauth2_session_request then 1.23 app.session = Session:new() 1.24 app.session:set_cookie() 1.25 end