From f736c03656e860b77907cb70d493f212473b7019 Mon Sep 17 00:00:00 2001
From: Martin Hinz
Date: Wed, 15 Jan 2025 17:37:21 +0100
Subject: [PATCH] implemented conditional cookie only when user is logged in, fixes #274
---
 app/controllers/application_controller.rb | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 8845191d..233b0917 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -3,6 +3,11 @@ class ApplicationController < ActionController::Base
 before_action :set_paper_trail_whodunnit
 before_action :http_basic_authenticate
+
+ after_action lambda {
+ cookies.delete(Rails.application.config.session_options[:key]) unless user_signed_in?
+ request.session_options[:skip] = !(user_signed_in? || devise_controller?)
+ }
 protect_from_forgery with: :null_session, :if => Proc.new { |c| c.request.format == 'application/json' }
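Review bot: The two statements in the `after_action` lambda use different conditions: the cookie is deleted whenever `user_signed_in?` is false, but the session is skipped only when `devise_controller?` is also false, so on an anonymous Devise page (sign-in, password reset) the session cookie is deleted while the session is still expected to persist. That session presumably carries the CSRF token for the login form, so this only works if the session store rewrites the cookie after the callback; deriving both from one value makes the intent explicit: `keep_session = user_signed_in? || devise_controller?`, then `cookies.delete(Rails.application.config.session_options[:key]) unless keep_session` and `request.session_options[:skip] = !keep_session`. If the session cookie is configured with a `:domain` or `:path` (not visible here), `cookies.delete` needs the same options or the browser keeps the cookie. A short comment stating that anonymous non-Devise requests now get no session, and therefore no flash and no session-stored CSRF token, would help the next reader; the class body continues outside the hunk.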