only store partial hash in cookies for validation

2013-03-05 16:49:09 -05:00
parent f52181db94
commit 5ab9887923
4 changed files with 10 additions and 6 deletions
--- a/app/logical/session_loader.rb
+++ b/app/logical/session_loader.rb
@@ -41,7 +41,7 @@ private
  end
  
  def cookie_password_hash_valid?
-    cookies[:password_hash] && User.authenticate_cookie_hash(cookies.signed[:user_name], cookies.signed[:password_hash])
+    cookies[:password_hash] && User.authenticate_cookie_hash(cookies.signed[:user_name], cookies[:password_hash])
  end
  
  def update_last_logged_in_at