protect_from_forgery
if STATUS == :database_readonly or STATUS == :database_offline
- session :off
+ after_filter :clear_session
+ wrap_parameters false
+
+ def clear_session
+ session.clear
+ end
def self.cache_sweeper(*sweepers)
end
if session[:user]
@user = User.where(:id => session[:user]).where("status IN ('active', 'confirmed', 'suspended')").first
- if @user.status == "suspended"
+ if @user.display_name != cookies["_osm_username"]
+ reset_session
+ @user = nil
+ elsif @user.status == "suspended"
session.delete(:user)
session_expires_automatically
end
end
elsif session[:token]
- @user = User.authenticate(:token => session[:token])
- session[:user] = @user.id
+ if @user = User.authenticate(:token => session[:token])
+ session[:user] = @user.id
+ end
end
rescue Exception => ex
logger.info("Exception authorizing user: #{ex.to_s}")
+ reset_session
@user = nil
end