diff --git a/Gemfile.lock b/Gemfile.lock
index 1f61e1a84..c213f58de 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -85,12 +85,12 @@ GEM
 activerecord (>= 3.2)
 activerecord-nulldb-adapter (0.3.9)
 activerecord (>= 2.0.0)
- activerecord-session_store (1.1.3)
- actionpack (>= 4.0)
- activerecord (>= 4.0)
+ activerecord-session_store (2.0.0)
+ actionpack (>= 5.2.4.1)
+ activerecord (>= 5.2.4.1)
 multi_json (~> 1.11, >= 1.11.2)
- rack (>= 1.5.2, < 3)
- railties (>= 4.0)
+ rack (>= 2.0.8, < 3)
+ railties (>= 5.2.4.1)
 activestorage (5.2.4.5)
 actionpack (= 5.2.4.5)
 activerecord (= 5.2.4.5)
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 473393af4..435be74f8 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -240,7 +240,7 @@ class SessionsController < ApplicationController
 # remember session_id for websocket logon
 if current_user
- config['session_id'] = session.id
+ config['session_id'] = session.id.public_id
 end
 config
diff --git a/db/migrate/20210310090351_activerecord_session_store114.rb b/db/migrate/20210310090351_activerecord_session_store114.rb
new file mode 100644
index 000000000..b11c69e1e
--- /dev/null
+++ b/db/migrate/20210310090351_activerecord_session_store114.rb
@@ -0,0 +1,5 @@
+class ActiverecordSessionStore114 < ActiveRecord::Migration[5.2]
+ def change
+ ActionDispatch::Session::ActiveRecordStore.session_class.find_each(&:secure!)
+ end
+end
diff --git a/lib/sessions/event/login.rb b/lib/sessions/event/login.rb
index d341684d1..459bba2ea 100644
--- a/lib/sessions/event/login.rb
+++ b/lib/sessions/event/login.rb
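Review bot: In app/controllers/sessions_controller.rb the new `config['session_id'] = session.id.public_id` carries no comment explaining why `public_id` is taken, so a later reader cannot tell that `session.id` is now an id object rather than a plain string. I would add above the assignment `# session.id is a Rack::Session::SessionId; the client gets public_id, lookups on the server use the derived private_id`. The public id is the same secret the session cookie carries, so putting it into the client config makes it readable by page script however the cookie is flagged; that exposure was already there with the old `session.id`, but the comment should say so. The enclosing method starts and ends outside the hunk.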
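Review bot: In db/migrate/20210310090351_activerecord_session_store114.rb the data rewrite sits in `def change`, although `find_each(&:secure!)` rewrites the stored session ids in place and there is nothing for Rails to reverse. I would rename the method to `def up`, add an empty `def down` and put `# one-way data migration: stored session ids are converted to their private form` above the call, so a rollback does not silently run the conversion again. Rows written by application processes that are still on the old gem after this migration has run would presumably stay unconverted, and the private-id lookup added in lib/sessions/event/login.rb will not match them; the deploy notes should say that old processes must be stopped first. The class name ends in 114 while the lockfile moves the gem to 2.0.0, which is worth a short comment as well.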
@@ -19,7 +19,8 @@ To execute this manually, just paste the following into the browser console
 app_version = AppVersion.event_data
 if @payload && @payload['session_id']
- session = ActiveRecord::SessionStore::Session.find_by(session_id: @payload['session_id'])
+ private_session_id = Rack::Session::SessionId.new(@payload['session_id']).private_id
+ session = ActiveRecord::SessionStore::Session.find_by(session_id: private_session_id)
 end
 new_session_data = {}
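Review bot: The added `Rack::Session::SessionId.new(@payload['session_id']).private_id` takes its input straight from the websocket payload, and the guard on the line above only checks that the value is truthy. `private_id` hashes the value, so a payload whose `session_id` is not a string after JSON parsing would presumably raise here, where the old `find_by` simply returned nothing. I would constrain the type before deriving the id, for example `private_session_id = Rack::Session::SessionId.new(@payload['session_id'].to_s).private_id`, or tighten the guard to `@payload['session_id'].is_a?(String)`. Whether the caller rescues exceptions from this event is not visible here; the method starts and ends outside the hunk.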