trabajo-afectivo/db/migrate/20190718140450_forget_insecure_sessions.rb

15 lines
546 B
Ruby
Raw Permalink Normal View History

2022-01-01 13:38:12 +00:00
# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
# This migration removes all pre-existing user sessions
# so that they can be replaced with sessions that use "secure cookies".
# It is skipped on non-HTTPS deployments
# because those are incompatible with secure cookies anyway.
class ForgetInsecureSessions < ActiveRecord::Migration[5.2]
def up
return if !Setting.exists?(name: 'system_init_done')
return if Setting.get('http_type') != 'https'
ActiveRecord::SessionStore::Session.destroy_all
end
end