band-aid fix for frozen session issue on signup #50

Merged
Snakes merged 11 commits from :fix-bad-cookies into master 2022-12-06 22:07:13 +00:00

11 Commits (master)

Author SHA1 Message Date
justcool393 b9500ee009 remove duplicate error text 2022-12-06 15:43:19 -06:00
justcool393 876014af8d testing on devrama redux 2022-12-06 15:39:40 -06:00
justcool393 6662948452 signup: flex tape solution is to wipe a user's
session if signup fails for a bad signup token
2022-12-06 15:34:07 -06:00
justcool393 7ad4f6d898 add browser specific help text 2022-12-06 14:46:57 -06:00
justcool393 379ebda08d don't set session_cookie_domain on startup 2022-12-06 14:35:56 -06:00
justcool393 3ecfc907ef add helpful note on bad submission tokens 2022-12-06 14:33:34 -06:00
justcool393 c2e63a8867 remove fix frozen sessions helper
it doesn't work whatever
2022-12-06 14:31:57 -06:00
justcool393 c7fbc39e5f CF cookie: improve reliability 2022-12-06 14:28:45 -06:00
justcool393 f8cfe7cf82 move cookie domain setting to before_request 2022-12-06 14:24:18 -06:00
justcool393 8038b5ca05 the issue may actually be the '.'s not the other way around 2022-12-06 13:09:16 -06:00
justcool393 6fc99839ce hopefully fix for the frozen session issue
through some reason or another, people are somehow getting cookies that
aren't prepended with a dot. this is a problem because both sessions,
as best as I can tell, mix so it tries to read from a different cookie
than we write to. this essentially "freezes" the session in place. users
are unable to login, logout, signup, toggle poor mode, toggle NSFW, etc.
this attempts to delete bad session cookies (i.e. cookies with a domain
that doesn't start with a dot). we don't do this on "dotless" domains
(and by extension localhost) because browser support for setting cookies
on FQDNs that only have one dot has tenuous support among browsers
anyway. this *may* log some people out, but... their days of being able
to do stuff on the site were numbered anyway.
2022-12-06 12:05:17 -06:00
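An added example, not code from this pull request: one way to clear a conflicting session cookie of the kind the commit message above describes. It assumes the cookie is named `session`, that the conflict shows up as two `session` values in a single Cookie header (a request does not carry a cookie's domain), and that the stale copy is the one stored for the exact host, which is deleted by sending an expired cookie with no Domain attribute. The function names and the example.com host are hypothetical.

```python
from http.cookies import SimpleCookie

SESSION_COOKIE = "session"  # assumed cookie name, not taken from the project


def is_dotless(host: str) -> bool:
    """True for hosts such as 'localhost' (an optional :port is ignored)."""
    return "." not in host.split(":")[0].strip(".")


def session_values(cookie_header: str) -> list[str]:
    """Return every value sent for the session cookie, in header order.

    SimpleCookie keeps one value per name, so the header is split by hand
    to see duplicates.
    """
    values = []
    for pair in cookie_header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if sep and name == SESSION_COOKIE:
            values.append(value)
    return values


def expire_host_only_cookie(host: str, cookie_header: str) -> list[str]:
    """Build Set-Cookie values that delete the host-scoped session cookie.

    Nothing is emitted for dotless hosts or when only one session cookie
    was sent. Leaving out Domain makes the browser match the cookie stored
    for the exact host, so the domain-wide cookie is left in place.
    """
    if is_dotless(host) or len(session_values(cookie_header)) < 2:
        return []
    jar = SimpleCookie()
    jar[SESSION_COOKIE] = ""
    jar[SESSION_COOKIE]["path"] = "/"
    jar[SESSION_COOKIE]["max-age"] = 0
    jar[SESSION_COOKIE]["expires"] = "Thu, 01 Jan 1970 00:00:00 GMT"
    return [morsel.OutputString() for morsel in jar.values()]


if __name__ == "__main__":
    # Constructed request: two copies of the session cookie arrive together.
    constructed = "session=aaa; theme=dark; session=bbb"
    for header in expire_host_only_cookie("example.com", constructed):
        print("Set-Cookie:", header)
```

The deleting cookie must use the same Path as the stored one, otherwise the browser treats it as a different cookie and keeps the stale copy.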