2022-01-01 13:38:12 +00:00
|
|
|
# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
|
2021-06-01 12:20:20 +00:00
|
|
|
|
2019-07-30 13:43:27 +00:00
|
|
|
# This migration removes all pre-existing user sessions
|
|
|
|
# so that they can be replaced with sessions that use "secure cookies".
|
|
|
|
# It is skipped on non-HTTPS deployments
|
|
|
|
# because those are incompatible with secure cookies anyway.
|
|
|
|
class ForgetInsecureSessions < ActiveRecord::Migration[5.2]
|
|
|
|
def up
|
2020-08-03 08:35:43 +00:00
|
|
|
return if !Setting.exists?(name: 'system_init_done')
|
2019-07-30 13:43:27 +00:00
|
|
|
return if Setting.get('http_type') != 'https'
|
|
|
|
|
|
|
|
ActiveRecord::SessionStore::Session.destroy_all
|
|
|
|
end
|
|
|
|
end
|