search

devsnd / cherrymusic

Stream your own music collection to all your devices! The easy to use free and open-source music streaming server.
http://www.fomori.org/cherrymusic
GNU General Public License v3.0
1.03k stars 189 forks source link

Fix logout #696

Closed faircopy closed 6 years ago

faircopy commented 6 years ago

Clicking on "Logout" button didn't log me out.

Testing environment:

coveralls commented 6 years ago

Coverage Status

Coverage remained the same at 73.609% when pulling 86adbd11d0f5af9a96f88d8c71a058239675946e on faircopy:logout-fix into aa4eea153b96537383af336fccfb0cd9beee3ceb on devsnd:devel.

devsnd commented 6 years ago

Hey @faircopy, thanks for your PR, it's really appreciated! Before I merge it, can you please clear all the session variables that are set in session_auth.

https://github.com/faircopy/cherrymusic/blob/86adbd11d0f5af9a96f88d8c71a058239675946e/cherrymusicserver/httphandler.py#L217-L219

Otherwise the logout action is not exactly the reverse of the login action (and there is a stale user_id and isadmin in the session, which might lead to security issues).

faircopy commented 6 years ago

Fixed, I'll be more thorough next time.

coveralls commented 6 years ago

Coverage Status

Coverage decreased (-0.02%) to 73.584% when pulling 3215d9911f672e2b5ba1781066e18e3773dafa0f on faircopy:logout-fix into aa4eea153b96537383af336fccfb0cd9beee3ceb on devsnd:devel.

devsnd commented 6 years ago

@faircopy thanks a bunch! see you next time. Here, take this sushi as a reward: 🍣

faircopy commented 6 years ago

Thanks! :smile: