maxdobeck / gatekeeper

API that performs user authentication and authorization as well as processes business logic.

Ensure new CSRF token and cookie is retrieved after forced logout #22

Closed maxdobeck closed 6 years ago

maxdobeck commented 6 years ago

When a user is logged out due to a bad session, get a new card token and cookie. Currently the last CSRF token is used and it is stale.

maxdobeck commented 6 years ago

Looks like this is working, but we don't direct the user to the next route and instead force them to the root URL.

maxdobeck commented 6 years ago

This has been fixed by changing how we check for a valid session. Everything depends on the server-side session via the cookie.
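
The behaviour this issue asks for, as an added example that is not the project's own code: a minimal in-memory model in which the CSRF token lives in the server-side session, so a forced logout invalidates cookie and token together and the server issues a new pair. The names `Gate`, `new_session`, `force_logout`, `handle` and the status codes are assumptions made for illustration.

```python
import hmac
import secrets


class Gate:
    """Hypothetical server model: the CSRF token is stored in the server-side session."""

    def __init__(self):
        self.sessions = {}  # session cookie value -> {"user": ..., "csrf": ...}

    def new_session(self, user=None):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
        return sid, self.sessions[sid]["csrf"]

    def force_logout(self, sid):
        # Dropping the session record also drops the token bound to it.
        self.sessions.pop(sid, None)

    def handle(self, sid, csrf):
        session = self.sessions.get(sid)
        if session is None:
            # Bad session: hand back a fresh anonymous cookie and token together,
            # so the client never keeps using the token from the dead session.
            new_sid, new_csrf = self.new_session()
            return {"status": 401, "set_cookie": new_sid, "csrf": new_csrf}
        if not hmac.compare_digest(session["csrf"], csrf or ""):
            return {"status": 403, "set_cookie": None, "csrf": None}
        return {"status": 200, "set_cookie": None, "csrf": None}


def demo():
    gate = Gate()
    sid, token = gate.new_session(user="alice")  # constructed sample user
    ok = gate.handle(sid, token)                 # valid cookie and token
    gate.force_logout(sid)
    expired = gate.handle(sid, token)            # old cookie: new pair issued
    stale = gate.handle(expired["set_cookie"], token)            # new cookie, old token
    fresh = gate.handle(expired["set_cookie"], expired["csrf"])  # new cookie, new token
    return [ok["status"], expired["status"], stale["status"], fresh["status"]]


if __name__ == "__main__":
    print(demo())
```
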