dkam/clinch
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Wiki Activity

Fix bug with session deletion when logout forced and we have a redirect to follow

Browse Source
This commit is contained in:
Dan Milne
2026-01-05 12:11:52 +11:00
parent 074a734c0c
commit 8110d547dd
2 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/controllers/totp_controller.rb
View File

@@ -106,7 +106,12 @@ class TotpController < ApplicationController
session[:return_to_after_authenticating] = session.delete(:totp_redirect_url)
end
# Preserve return URL across session boundary for max_age flow
preserved_return_url = session[:return_to_after_authenticating]
start_new_session_for @user
if preserved_return_url.present? && session[:return_to_after_authenticating].blank?
session[:return_to_after_authenticating] = preserved_return_url
end
redirect_to after_authentication_url, notice: "Two-factor authentication enabled. Signed in successfully.", allow_other_host: true
end