Skip to content

Commit

Permalink
Redirect to login on expired legacy session (plausible#4523)
Browse files Browse the repository at this point in the history 
After refactor, it turned out that when the _legacy_ session times out,
the conn is halted but no body is sent. This results in 500 error (`Plug.Conn.NotSentError`).

This PR fixes it by redirecting to login page.
  • Loading branch information
@zoldar
zoldar authored Sep 3, 2024
1 parent 530d290 commit d0619aa
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 0 deletions.
1 change: 1 addition & 0 deletions lib/plausible_web/plugs/session_timeout_plug.ex
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ defmodule PlausibleWeb.SessionTimeoutPlug do
user_id && timeout_at && now() > timeout_at ->
conn
|> PlausibleWeb.UserAuth.log_out_user()
|> Phoenix.Controller.redirect(to: "/login")
|> halt()

user_id ->
Expand Down
2 changes: 2 additions & 0 deletions test/plausible_web/plugs/session_timeout_plug_test.exs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,5 +41,7 @@ defmodule PlausibleWeb.SessionTimeoutPlugTest do
|> SessionTimeoutPlug.call(@opts)

assert conn.private[:plug_session_info] == :renew
assert conn.halted
assert Phoenix.ConnTest.redirected_to(conn, 302) == "/login"
end
end

0 comments on commit d0619aa

Please sign in to comment.