Forcibly clean and destroy the session on logout (#11447) (#11451)

Backport #11447

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
This commit is contained in:
zeripath 2020-05-17 12:32:33 +01:00 committed by GitHub
parent 878434146f
commit de9a96c4de
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -988,11 +988,8 @@ func LinkAccountPostRegister(ctx *context.Context, cpt *captcha.Captcha, form au
} }
func handleSignOut(ctx *context.Context) { func handleSignOut(ctx *context.Context) {
_ = ctx.Session.Delete("uid") _ = ctx.Session.Flush()
_ = ctx.Session.Delete("uname") _ = ctx.Session.Destroy(ctx.Context)
_ = ctx.Session.Delete("socialId")
_ = ctx.Session.Delete("socialName")
_ = ctx.Session.Delete("socialEmail")
ctx.SetCookie(setting.CookieUserName, "", -1, setting.AppSubURL, setting.SessionConfig.Domain, setting.SessionConfig.Secure, true) ctx.SetCookie(setting.CookieUserName, "", -1, setting.AppSubURL, setting.SessionConfig.Domain, setting.SessionConfig.Secure, true)
ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubURL, setting.SessionConfig.Domain, setting.SessionConfig.Secure, true) ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubURL, setting.SessionConfig.Domain, setting.SessionConfig.Secure, true)
ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL, setting.SessionConfig.Domain, setting.SessionConfig.Secure, true) ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL, setting.SessionConfig.Domain, setting.SessionConfig.Secure, true)