Enforce a lifetime on session cookies

Problem described in http://seclists.org/fulldisclosure/2013/Sep/145 Pattern taken from https://www.coffeepowered.net/2013/09/26/rails-session-cookies/
author: Louise Crow <louise.crow@gmail.com> 2014-11-21 14:54:26 +0000
committer: Louise Crow <louise.crow@gmail.com> 2014-12-12 17:53:34 +0000
commit: d76c2e82328ed2a00add7bdfb528ed4393e640b7 (patch)
tree: c00101292ac9e819138908d339913006d0682699 /app/controllers/user_controller.rb
parent: af2e8aa9e6e978f1b6cd37a92b492e8a89e2ee4d (diff)
1 files changed, 1 insertions, 9 deletions
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index baeaab18a..9798ff8e2 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -260,16 +260,8 @@ class UserController < ApplicationController
         do_post_redirect post_redirect
     end
 
-    # Logout form
-    def _do_signout
-        session[:user_id] = nil
-        session[:user_circumstance] = nil
-        session[:remember_me] = false
-        session[:using_admin] = nil
-        session[:admin_name] = nil
-    end
     def signout
-        self._do_signout
+        clear_session_credentials
         if params[:r]
             redirect_to params[:r]
         else
author	Louise Crow <louise.crow@gmail.com>	2014-11-21 14:54:26 +0000
committer	Louise Crow <louise.crow@gmail.com>	2014-12-12 17:53:34 +0000
commit	d76c2e82328ed2a00add7bdfb528ed4393e640b7 (patch)
tree	c00101292ac9e819138908d339913006d0682699 /app/controllers/user_controller.rb
parent	af2e8aa9e6e978f1b6cd37a92b492e8a89e2ee4d (diff)