Merge tag 'v3.0.1' into fiksgatami-dev

author: Marius Halden <marius.h@lden.org> 2020-09-29 14:23:52 +0200
committer: Marius Halden <marius.h@lden.org> 2020-09-29 14:23:52 +0200
commit: a27ce1524d801d2742a2bdb6ec1da45126d64353 (patch)
tree: 64123c4e17dc1776aa0a7cd65ee01d49d3e7d978 /perllib/Catalyst/Plugin/FixMyStreet/Session/RotateSession.pm
parent: 377bd96aab7cad3434185c30eb908c9da447fe40 (diff)
parent: 2773c60226b9370fe8ee00f7b205b571bb87c3b5 (diff)
1 files changed, 26 insertions, 0 deletions
diff --git a/perllib/Catalyst/Plugin/FixMyStreet/Session/RotateSession.pm b/perllib/Catalyst/Plugin/FixMyStreet/Session/RotateSession.pm
new file mode 100644
index 000000000..8da88721f
--- /dev/null
+++ b/perllib/Catalyst/Plugin/FixMyStreet/Session/RotateSession.pm
@@ -0,0 +1,26 @@
+package Catalyst::Plugin::FixMyStreet::Session::RotateSession;
+use Moose::Role;
+use namespace::autoclean;
+
+# After successful authentication, rotate the session ID
+after set_authenticated => sub {
+    my $c = shift;
+    $c->change_session_id;
+};
+
+# The below is necessary otherwise the rotation fails due to the delegate
+# holding on to the now-deleted old session. See
+# https://rt.cpan.org/Public/Bug/Display.html?id=112679
+
+after delete_session_data => sub {
+    my ($c, $key) = @_;
+
+    my ($field) = split(':', $key);
+    if ($field eq 'session') {
+        $c->_session_store_delegate->_session_row(undef);
+    } elsif ($field eq 'flash') {
+        $c->_session_store_delegate->_flash_row(undef);
+    }
+};
+
+1;
author	Marius Halden <marius.h@lden.org>	2020-09-29 14:23:52 +0200
committer	Marius Halden <marius.h@lden.org>	2020-09-29 14:23:52 +0200
commit	a27ce1524d801d2742a2bdb6ec1da45126d64353 (patch)
tree	64123c4e17dc1776aa0a7cd65ee01d49d3e7d978 /perllib/Catalyst/Plugin/FixMyStreet/Session/RotateSession.pm
parent	377bd96aab7cad3434185c30eb908c9da447fe40 (diff)
parent	2773c60226b9370fe8ee00f7b205b571bb87c3b5 (diff)