only store partial hash in cookies for validation

2013-03-05 16:49:09 -05:00
parent f52181db94
commit 5ab9887923
4 changed files with 10 additions and 6 deletions
--- a/app/logical/session_creator.rb
+++ b/app/logical/session_creator.rb
@@ -16,7 +16,7 @@ class SessionCreator
      
      if remember.present?
        cookies.permanent.signed[:user_name] = user.name
-        cookies.permanent.signed[:password_hash] = user.bcrypt_password_hash
+        cookies.permanent[:password_hash] = user.bcrypt_cookie_password_hash
      end
      
      session[:user_id] = user.id
--- a/app/logical/session_loader.rb
+++ b/app/logical/session_loader.rb
@@ -41,7 +41,7 @@ private
  end
  
  def cookie_password_hash_valid?
-    cookies[:password_hash] && User.authenticate_cookie_hash(cookies.signed[:user_name], cookies.signed[:password_hash])
+    cookies[:password_hash] && User.authenticate_cookie_hash(cookies.signed[:user_name], cookies[:password_hash])
  end
  
  def update_last_logged_in_at