Monorepo for Tangled — https://tangled.org

appview/oauth: use ResumeSession when fetching currently logged in user #723

merged
opened by oppi.li targeting master from push-orvkryxksqsz

the final addition to my collection of oauth fixes: the session cookie is not a sufficient indication of the logged-in-ness of a user, we additionally validate this cookie against the session on redis using ResumeSession and kick users out if their session is invalid.

previously, a user may have appeared to be logged in (via the profile picture on the top right), but creating an auth'd request would have login-prompted them.

Signed-off-by: oppiliappan me@oppi.li
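
The check described above, sketched as an added example that is not the PR's code: the cookie is trusted only if a server-side lookup still finds its session, and a stale cookie is expired in the response. `SessionStore`, `memStore`, `CurrentUser`, `Check` and the cookie name are assumptions standing in for the appview's Redis-backed store and its `ResumeSession` call.

```go
// Added example, not Tangled's code: SessionStore, memStore and the cookie
// name are hypothetical stand-ins for the Redis-backed OAuth session store.
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

const cookieName = "session-id" // assumed name
type SessionStore interface {
	Resume(id string) (did string, ok bool)
}

type memStore map[string]string // constructed in-memory stand-in for Redis
func (m memStore) Resume(id string) (string, bool) { did, ok := m[id]; return did, ok }

// CurrentUser trusts the cookie only if its session still exists server-side;
// a stale cookie is expired so the UI stops showing a logged-in state.
func CurrentUser(w http.ResponseWriter, r *http.Request, s SessionStore) (string, bool) {
	c, err := r.Cookie(cookieName)
	if err != nil {
		return "", false // no cookie: anonymous visitor
	}
	if did, ok := s.Resume(c.Value); ok {
		return did, true
	}
	http.SetCookie(w, &http.Cookie{Name: cookieName, Path: "/", MaxAge: -1, HttpOnly: true})
	return "", false
}

// Check runs one request through CurrentUser; cleared reports cookie expiry.
func Check(s SessionStore, sessionID string) (did string, ok, cleared bool) {
	r := httptest.NewRequest("GET", "/", nil)
	r.AddCookie(&http.Cookie{Name: cookieName, Value: sessionID})
	w := httptest.NewRecorder()
	did, ok = CurrentUser(w, r, s)
	for _, c := range w.Result().Cookies() {
		cleared = cleared || (c.Name == cookieName && c.MaxAge < 0)
	}
	return did, ok, cleared
}

func main() {
	store := memStore{"live": "did:example:alice"} // constructed sample data
	fmt.Println(Check(store, "live"))
	fmt.Println(Check(store, "revoked"))
}
```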

AT URI
at://did:plc:qfpnj4og54vl56wngdriaxug/sh.tangled.repo.pull/3m4diskcvxo22