Ensure we don't have duplicate session secrets

2017-11-18 20:45:35 -05:00 · 2017-11-18 20:45:35 -05:00 · 216d413c15
parent 56dcc5e1d7
commit 216d413c15
1 changed files with 8 additions and 0 deletions
--- a/internal/handlers/sessions.go
+++ b/internal/handlers/sessions.go
@ -81,6 +81,14 @@ func NewSession(tx *Tx, r *http.Request, userid int64) (*NewSessionWriter, error
 		return nil, err
 	}

+	existing, err := tx.SelectInt("SELECT count(*) from sessions where SessionSecret=?", session_secret)
+	if err != nil {
+		return nil, err
+	}
+	if existing > 0 {
+		return nil, fmt.Errorf("%d session(s) exist with the generated session_secret")
+	}
+
 	cookie := http.Cookie{
 		Name:     "moneygo-session",
 		Value:    session_secret,