Secured users session, considering foodcoop token.

Benjamin Meichsner 2010-03-22 01:38:23 +01:00
parent 18e8a11b7d
commit 9a54d8504c


@ -26,10 +26,9 @@ class ApplicationController < ActionController::Base
def current_user def current_user
begin begin
# check if there is a valid session and return the logged-in user (its object) # check if there is a valid session and return the logged-in user (its object)
if session['user_and_subdomain'] if session[:user] and session[:foodcoop]
id, subdomain = session['user_and_subdomain'].split
# for shared-host installations. check if the cookie-subdomain fits to request. # for shared-host installations. check if the cookie-subdomain fits to request.
return User.current_user = User.find(id) if request.subdomains.first == subdomain return User.current_user = User.find(session[:user]) if session[:foodcoop] == Foodsoft.env
end end
rescue rescue
reset_session reset_session
@ -39,7 +38,7 @@ class ApplicationController < ActionController::Base
end end
def current_user=(user) def current_user=(user)
session['user_and_subdomain'] = [user.id, request.subdomains.first].join(" ") session[:user], session[:foodcoop] = user.id, Foodsoft.env
end end
def return_to def return_to
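Review bot: The comment above the new `return User.current_user = User.find(session[:user]) if session[:foodcoop] == Foodsoft.env` line still says the cookie subdomain is checked against the request, but the new code no longer reads `request.subdomains` at all. Separation between foodcoops on a shared host now rests entirely on that comparison, and `Foodsoft.env` is defined outside this diff, so it is worth confirming that it identifies the foodcoop serving the current request rather than a process-wide value. I would replace the comment with something like `# shared-host installations: accept the session only if it was issued for this foodcoop (Foodsoft.env)`. A mismatch also falls through the `if` without reaching `reset_session`, so a session issued for another foodcoop is kept as-is; the rest of `current_user` lies outside the hunk, so this may be handled there.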