Refactor CSRF token (#32216)

2025-07-06 02:27:20 +00:00 · 2024-10-10 11:48:21 +08:00
parent 368b0881f5
commit dd83cfcacc
29 changed files with 90 additions and 126 deletions
--- a/services/auth/auth.go
+++ b/services/auth/auth.go
@ -103,8 +103,8 @@ func handleSignIn(resp http.ResponseWriter, req *http.Request, sess SessionStore

 	middleware.SetLocaleCookie(resp, user.Language, 0)

-	// Clear whatever CSRF has right now, force to generate a new one
+	// force to generate a new CSRF token
 	if ctx := gitea_context.GetWebContext(req); ctx != nil {
-		ctx.Csrf.DeleteCookie(ctx)
+		ctx.Csrf.PrepareForSessionUser(ctx)
 	}
 }