From d59b0f6ff7ee24d94eaa5ad68173405faea6a81c Mon Sep 17 00:00:00 2001
From: ᴜɴᴋɴᴡᴏɴ
Date: Sat, 29 Feb 2020 00:26:03 +0800
Subject: conf: overhaul sessions settings (#5952)
---
 internal/route/user/auth.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'internal/route/user')
diff --git a/internal/route/user/auth.go b/internal/route/user/auth.go
index 7c29634b..7d72eb16 100644
--- a/internal/route/user/auth.go
+++ b/internal/route/user/auth.go
@@ -66,7 +66,7 @@ func AutoLogin(c *context.Context) (bool, error) {
 isSucceed = true
 c.Session.Set("uid", u.ID)
 c.Session.Set("uname", u.Name)
- c.SetCookie(conf.CSRFCookieName, "", -1, conf.Server.Subpath)
+ c.SetCookie(conf.Session.CSRFCookieName, "", -1, conf.Server.Subpath)
 if conf.Security.EnableLoginStatusCookie {
 c.SetCookie(conf.Security.LoginStatusCookieName, "true", 0, conf.Server.Subpath)
 }
@@ -130,7 +130,7 @@ func afterLogin(c *context.Context, u *db.User, remember bool) {
 c.Session.Delete("twoFactorUserID")
 // Clear whatever CSRF has right now, force to generate a new one
- c.SetCookie(conf.CSRFCookieName, "", -1, conf.Server.Subpath)
+ c.SetCookie(conf.Session.CSRFCookieName, "", -1, conf.Server.Subpath)
 if conf.Security.EnableLoginStatusCookie {
 c.SetCookie(conf.Security.LoginStatusCookieName, "true", 0, conf.Server.Subpath)
 }
@@ -285,7 +285,7 @@ func SignOut(c *context.Context) {
 c.Session.Destory(c.Context)
 c.SetCookie(conf.Security.CookieUsername, "", -1, conf.Server.Subpath)
 c.SetCookie(conf.Security.CookieRememberName, "", -1, conf.Server.Subpath)
- c.SetCookie(conf.CSRFCookieName, "", -1, conf.Server.Subpath)
+ c.SetCookie(conf.Session.CSRFCookieName, "", -1, conf.Server.Subpath)
 c.SubURLRedirect("/")
 }
--
cgit v1.2.3