mirror of https://github.com/aclindsa/moneygo.git synced 2024-12-26 23:42:29 -05:00

Ensure we don't have duplicate session secrets

Aaron Lindsay 2017-11-18 20:45:35 -05:00
parent 56dcc5e1d7
commit 216d413c15


@ -81,6 +81,14 @@ func NewSession(tx *Tx, r *http.Request, userid int64) (*NewSessionWriter, error
return nil, err return nil, err
} }
existing, err := tx.SelectInt("SELECT count(*) from sessions where SessionSecret=?", session_secret)
if err != nil {
return nil, err
}
if existing > 0 {
return nil, fmt.Errorf("%d session(s) exist with the generated session_secret")
}
cookie := http.Cookie{ cookie := http.Cookie{
Name: "moneygo-session", Name: "moneygo-session",
Value: session_secret, Value: session_secret,
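Review bot: The `fmt.Errorf` call in the added `existing > 0` branch has a `%d` verb but no argument, so the message renders as `%!d(MISSING) session(s) exist ...` and `go vet` will flag it; pass the count: `return nil, fmt.Errorf("%d session(s) exist with the generated session_secret", existing)`. The count-then-insert check is also only as strong as the transaction's isolation level, so two concurrent NewSession calls could presumably both read zero before either inserts. A UNIQUE constraint on the `SessionSecret` column would enforce the invariant in the database itself, with this check kept only as a friendlier error path. NewSession starts and continues outside this hunk, so the insert that follows the check is not visible here.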