This is a breaking change if your install uses multiple URLs to access. You will need to update the Access-Control-Allow-Origin header in ACP > Advanced > Headers to supply all URLs you use to access your site
* feat: fix session mismatch errors by clearing cookie on logout
* feat: remove app.upateHeader
ported from 2.0
* feat: handle if user doesn't click button and just refreshes page
* fix: #8142, broken site if no server-side session
During the `addHeader` middleware, a check is now done to see if
`req.session.meta` is present. This value is only present if the user
has a valid server-side session. If it is missing, then it is probably
safe to assume that the server-side session was deleted (either
intentionally or accidentally). In that scenario, the client-side cookie
should be cleared.
Also, there was an issue where the sessionRefresh flag was never cleared
after a successful login, so that was fixed too.
* feat: exported method to get cookie config
* fix: don't clear cookie if cookie is being set
* fix: socket.io tests
Co-authored-by: Barış Soner Uşaklı <[email protected]>
* fix: #7038, autoLocale logic not playing nicely with no-refresh auths
- on login, req.query.lang is deleted (since it seems to be left over)
- on logout, the middleware.autoLocale is executed, which resets
req.query.lang
- middleware.autoLocale is new, just refactored existing logic in
webserver.js into new middleware method.
* style: tests, use lodash
* fix: timeago strings not switching languages on login or out
Barış Soner Uşaklı
Peter Jaszkowiak
Julian Lam
Barış Soner Uşaklı
renovate[bot]
psychobunny
HeeL