From 1ace285d35808518e92b41bb160a246b1589f4e5 Mon Sep 17 00:00:00 2001
From: Lilian
Date: Tue, 16 Jul 2024 20:33:47 +0200
Subject: [PATCH] [frontend] Set sessions cookie to string of tokens
---
 Iceshrimp.Frontend/Core/Services/SessionService.cs | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/Iceshrimp.Frontend/Core/Services/SessionService.cs b/Iceshrimp.Frontend/Core/Services/SessionService.cs
index c6a90d77..6796ec42 100644
--- a/Iceshrimp.Frontend/Core/Services/SessionService.cs
+++ b/Iceshrimp.Frontend/Core/Services/SessionService.cs
@@ -63,24 +63,25 @@ internal class SessionService Current = null; LocalStorage.RemoveItem("last_user"); ((IJSInProcessRuntime)Js).InvokeVoid("eval", - "document.cookie = \"admin_session=; path=/ ; Fri, 31 Dec 1000 23:59:59 GMT SameSite=Lax\""); + "document.cookie = \"admin_session=; path=/ ; Fri, 31 Dec 1000 23:59:59 GMT SameSite=Lax\""); } public void SetSession(string id) { ((IJSInProcessRuntime)Js).InvokeVoid("eval", - "document.cookie = \"admin_session=; path=/; expires=Fri, 31 Dec 1000 23:59:59 GMT SameSite=Lax\""); + "document.cookie = \"admin_session=; path=/; expires=Fri, 31 Dec 1000 23:59:59 GMT SameSite=Lax\""); var user = GetUserById(id); if (user == null) throw new Exception("Did not find User in Local Storage"); ApiService.SetBearerToken(user.Token); Current = user; LocalStorage.SetItem("last_user", user.Id); + var sessionsString = Users.Aggregate("", (current, el) => current + $"{el.Value.Token},").TrimEnd(','); ((IJSInProcessRuntime)Js).InvokeVoid("eval", - $"document.cookie = \"session={user.Id}; path=/; expires=Fri, 31 Dec 9999 23:59:59 GMT; SameSite=Lax\""); + $"document.cookie = \"sessions={sessionsString}; path=/; expires=Fri, 31 Dec 9999 23:59:59 GMT; SameSite=Lax\""); if (user.IsAdmin) { ((IJSInProcessRuntime)Js).InvokeVoid("eval", - $"document.cookie = \"admin_session={user.Token}; path=/; expires=Fri, 31 Dec 9999 23:59:59 GMT; SameSite=Lax\""); + $"document.cookie = \"admin_session={user.Token}; path=/; expires=Fri, 31 Dec 9999 23:59:59 GMT; SameSite=Lax\""); } // Security implications of this need a second pass? user.Id should never be user controllable, but still. }
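Review bot: The `sessions` cookie written in SetSession now holds the bearer token of every entry in `Users`, with a year-9999 expiry and no `Secure` attribute, so all stored accounts' tokens accompany every request to the origin (plain HTTP included) where previously only the active user's id did. The tokens are also interpolated unescaped into the string passed to `eval`, and the closing comment still reasons about `user.Id`; I would build the value with `string.Join(',', Users.Select(u => Uri.EscapeDataString(u.Value.Token)))`, append `; Secure` to the attribute list, and reword the comment to say that it is tokens that reach `eval`. The block at the top of the hunk clears only `admin_session`, so `sessions` (and the `session` cookie this commit stops writing) appears to survive it unless that is handled elsewhere; that method starts outside the hunk. Its clearing string also lacks `expires=` and a `;` before `SameSite`, so it probably blanks the cookie rather than expiring it.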