get lo user: fix 401 loop by clearing session on bad nonce

2022-10-28 20:07:39 -05:00 · 2022-10-28 20:07:39 -05:00 · 1ee7ec323a
parent d1f01d2dd7
commit 1ee7ec323a
1 changed files with 3 additions and 1 deletions
--- a/files/helpers/wrappers.py
+++ b/files/helpers/wrappers.py
@ -49,7 +49,9 @@ def get_logged_in_user():
 				return None
 			else:
 				nonce = session.get("login_nonce", 0)
-				if nonce < v.login_nonce or v.id != id: abort(401)
+				if nonce < v.login_nonce or v.id != id:
+					session.clear()
+					return None

 				if request.method != "GET":
 					submitted_key = request.values.get("formkey")