notfire/Iceshrimp.NET
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[frontend] Specify session cookie path

Browse source
This commit is contained in:
Lilian 2024-06-21 22:06:14 +02:00
parent e8ecee4c76
commit 81b2a6b592
No known key found for this signature in database
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
Iceshrimp.Frontend/Core/Services/SessionService.cs
View file

@ -63,24 +63,24 @@ internal class SessionService
Current = null;
LocalStorage.RemoveItem("last_user");
((IJSInProcessRuntime)Js).InvokeVoid("eval",
$"document.cookie = \"admin_session= ; Fri, 31 Dec 1000 23:59:59 GMT SameSite=Lax\"");
$"document.cookie = \"admin_session=; path=/ ; Fri, 31 Dec 1000 23:59:59 GMT SameSite=Lax\"");
}
public void SetSession(string id)
{
((IJSInProcessRuntime)Js).InvokeVoid("eval",
$"document.cookie = \"admin_session= ; expires=Fri, 31 Dec 1000 23:59:59 GMT SameSite=Lax\"");
$"document.cookie = \"admin_session=; path=/; expires=Fri, 31 Dec 1000 23:59:59 GMT SameSite=Lax\"");
var user = GetUserById(id);
if (user == null) throw new Exception("Did not find User in Local Storage");
ApiService.SetBearerToken(user.Token);
Current = user;
LocalStorage.SetItem("last_user", user.Id);
((IJSInProcessRuntime)Js).InvokeVoid("eval",
$"document.cookie = \"session={user.Id}; expires=Fri, 31 Dec 9999 23:59:59 GMT; SameSite=Lax\"");
$"document.cookie = \"session={user.Id}; path=/; expires=Fri, 31 Dec 9999 23:59:59 GMT; SameSite=Lax\"");
if (user.IsAdmin)
{
((IJSInProcessRuntime)Js).InvokeVoid("eval",
$"document.cookie = \"admin_session={user.Token}; expires=Fri, 31 Dec 9999 23:59:59 GMT; SameSite=Lax\"");
$"document.cookie = \"admin_session={user.Token}; path=/; expires=Fri, 31 Dec 9999 23:59:59 GMT; SameSite=Lax\"");
}
// Security implications of this need a second pass? user.Id should never be user controllable, but still.
}