Commit 1fed3df

mo <mokha@cisco.com>
2017-08-26 23:01:20
issue a new session_id on login.
1 parent c8b9d51
Changed files (1)
app
app/controllers/sessions_controller.rb
@@ -1,9 +1,18 @@
 class SessionsController < PublicController
+  def new
+    if current_user.present?
+      redirect_to dashboard_path
+    else
+      @user = User.new
+    end
+  end
+
   def create
     if user_session = User.login(
         params[:user][:username],
         params[:user][:password]
     )
+      reset_session
       session[:user_id] = user_session.access(request)
       redirect_to dashboard_path
     else
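Review bot: The `reset_session` added in `create` has no comment, and its position before `session[:user_id] = user_session.access(request)` matters: placed after the assignment it would wipe the user id that was just stored. I would add `# Discard the pre-login session so an id set before authentication is not reused (session fixation); must run before session[:user_id] is assigned.` directly above it. A controller test asserting that the session id differs before and after a successful login would keep the call from being dropped or reordered later. If the app stores anything in the session before login (a return-to path, for example; none is visible here), `reset_session` clears that too, so it would need to be read beforehand. The `else` branch of `create` continues outside this hunk.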
@@ -12,17 +21,9 @@ class SessionsController < PublicController
     end
   end
 
-  def new
-    if current_user.present?
-      redirect_to dashboard_path
-    else
-      @user = User.new
-    end
-  end
-
   def destroy
     UserSession.authenticate(session[:user_id]).try(:revoke!)
-    reset_session()
+    reset_session
     redirect_to root_path
   end
 end