@ -56,8 +56,9 @@ module.exports = function (middleware) {
}
}
// Ensure that the session is valid. This block guards against edge-cases where the server-side session has
// Ensure that the session is valid. This block guards against edge-cases where the server-side session has
// been deleted (but client-side cookie still exists)
// been deleted (but client-side cookie still exists).
if ( req . uid > 0 && ! req . session . meta && ! res . get ( 'Set-Cookie' ) ) {
// req.session.flash is present if you visit register/login, so all logged-in users have it, but it is missing if your server-side session got destroyed.
if ( ! req . session . flash && ! req . session . meta && ! res . get ( 'Set-Cookie' ) ) {
res . clearCookie ( nconf . get ( 'sessionKey' ) , meta . configs . cookie . get ( ) ) ;
res . clearCookie ( nconf . get ( 'sessionKey' ) , meta . configs . cookie . get ( ) ) ;
}
}
Julian Lam
5 years ago