Remove autologin cookie on unverified request.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6316 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2011-07-25 21:15:09 +00:00
parent 130b71d121
commit b81149fa47
1 changed files with 4 additions and 1 deletions

View File

@ -27,7 +27,10 @@ class ApplicationController < ActionController::Base
exempt_from_layout 'builder', 'rsb'
protect_from_forgery
def handle_unverified_request
super
cookies.delete(:autologin)
end
# Remove broken cookie after upgrade from 0.8.x (#4292)
# See https://rails.lighthouseapp.com/projects/8994/tickets/3360
# TODO: remove it when Rails is fixed