From 5bc3054d61559107868dfa351b25d8f48c571151 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Mon, 7 Nov 2011 17:46:15 +0000
Subject: [PATCH] Store the username in a cookie and use it to validate the session
---
app/controllers/application_controller.rb | 8 +++++++-
app/controllers/user_controller.rb | 4 ++++
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d58bc8922..c2f1e644c 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -18,7 +18,10 @@ class ApplicationController < ActionController::Base
 if session[:user]
 @user = User.where(:id => session[:user]).where("status IN ('active', 'confirmed', 'suspended')").first
- if @user.status == "suspended"
+ if @user.display_name != cookies["_osm_username"]
+ reset_session
+ @user = nil
+ elsif @user.status == "suspended"
 session.delete(:user)
 session_expires_automatically
@@ -37,10 +40,13 @@ class ApplicationController < ActionController::Base
 elsif session[:token]
 if @user = User.authenticate(:token => session[:token])
 session[:user] = @user.id
+ else
+ reset_session
 end
 end
 rescue Exception => ex
 logger.info("Exception authorizing user: #{ex.to_s}")
+ reset_session
 @user = nil
 end
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 3622b037d..510471555 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -336,6 +336,7 @@ class UserController < ApplicationController
 token.destroy
 session[:user] = user.id
+ cookies["_osm_username"] = user.display_name
 if referer.nil?
 flash[:notice] = t('user.confirm.success') + "
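Review bot: The new `if @user.display_name != cookies["_osm_username"]` comparison checks a server-side session value against a plain, unsigned cookie that the client fully controls, so it cannot strengthen session validation: whoever holds a copied session cookie can send a matching `_osm_username` alongside it, and the only effect of a mismatch is a forced logout. If the goal is to notice a stale or out-of-sync session rather than to authenticate, that should be said where the check lives, e.g. `# _osm_username is client-controlled: a mismatch only forces re-login, it is not an authentication check`. The check also dereferences `@user` before anything confirms the `User.where(...).first` lookup found a row; when it returns nil, `@user.display_name` raises and the request falls through to the `rescue Exception` branch in the next hunk instead of being handled here, so `if @user.nil? || @user.display_name != cookies["_osm_username"]` would make that path explicit. The enclosing method starts before this hunk.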
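Review bot: The `reset_session` added under `rescue Exception => ex` means that any exception raised while authorizing — a transient database error as much as the nil `@user` case from the previous hunk — now silently logs the user out and, since it resets the whole session, discards the flash and the CSRF token with it. The new `else reset_session` on the token path is a deliberate decision about a failed token lookup, but the rescue branch is not; narrowing it to `rescue StandardError => ex` (the existing `rescue Exception` also swallows `SystemExit` and `SignalException`) and leaving the session untouched there, or at least logging that the reset happened, would keep the intended behaviour without turning every failure into a logout. The enclosing method starts before this hunk.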

" + t('user.confirm.before you start')
@@ -388,6 +389,7 @@ class UserController < ApplicationController
 end
 token.destroy
 session[:user] = @user.id
+ cookies["_osm_username"] = @user.display_name
 redirect_to :action => 'account', :display_name => @user.display_name
 else
 flash[:error] = t 'user.confirm_email.failure'
@@ -615,6 +617,8 @@ private
 ##
 # process a successful login
 def successful_login(user)
+ cookies["_osm_username"] = user.display_name
+
 session[:user] = user.id
 session_expires_after 1.month if session[:remember_me]
--
2.39.5
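Review bot: `cookies["_osm_username"] = user.display_name` writes the cookie with no options at all, so it carries no `:httponly` or `:secure` flag and no `:expires`, whereas the session it is compared against on every request can be kept for a month by `session_expires_after 1.month if session[:remember_me]`; once the browser drops the bare cookie before the session expires, the check in ApplicationController logs the user out on the next request. The same bare assignment is repeated in the confirm_email hunk and in `successful_login`, so a single private helper such as `set_username_cookie(user)` would keep the flags and expiry in one place — with `:httponly => true` unless client-side script is meant to read it, which this diff does not show. Because the value is compared against `display_name`, the cookie also needs to be rewritten wherever the display name changes and removed on logout, neither of which appears in this diff. The enclosing actions of the first two hunks start before their hunks.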