From d90cfffa3f8bfc72f6c52502dbb39c1ae1decadc Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Sun, 9 Sep 2018 21:44:51 -0600
Subject: [PATCH] Update DangerZone middleware to use session instead of cookie
---
 app/Http/Controllers/AccountController.php | 5 +++--
 app/Http/Middleware/DangerZone.php | 10 ++++++----
 2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/app/Http/Controllers/AccountController.php b/app/Http/Controllers/AccountController.php
index c7ee49235..dad177f46 100644
--- a/app/Http/Controllers/AccountController.php
+++ b/app/Http/Controllers/AccountController.php
@@ -291,9 +291,10 @@ class AccountController extends Controller
 ]);
 $user = Auth::user();
 $password = $request->input('password');
- $next = $request->cookie('redirectNext') ?:'/';
+ $next = $request->session()->get('redirectNext', '/');
 if(password_verify($password, $user->password) === true) {
- return redirect($next)->withCookie('sudoMode', time());
+ $request->session()->put('sudoMode', time());
+ return redirect($next);
 }
 return redirect($next);
 }
diff --git a/app/Http/Middleware/DangerZone.php b/app/Http/Middleware/DangerZone.php
index 22a3d23f2..d1a1b4afb 100644
--- a/app/Http/Middleware/DangerZone.php
+++ b/app/Http/Middleware/DangerZone.php
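Review bot: In the `AccountController.php` hunk, `$request->session()->put('sudoMode', time());` elevates the existing session without rotating its ID, so an ID that was fixed or captured before the password check now carries sudo mode; consider adding `$request->session()->regenerate();` right after the `put`. Separately, `get('redirectNext', '/')` leaves the stored target in the session, so a later direct visit to the sudo form would redirect to a stale URL; `$next = $request->session()->pull('redirectNext', '/');` reads and clears it in one step. The method starts above the hunk, so any validation or throttling ahead of these lines is not visible here.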
@@ -20,11 +20,13 @@ class DangerZone
 return redirect(route('login'));
 }
 if(!$request->is('i/auth/sudo')) {
- if( false == $request->cookie('sudoMode') ) {
- return redirect('/i/auth/sudo')->withCookie('redirectNext', $request->url());
+ if( !$request->session()->has('sudoMode') ) {
+ $request->session()->put('redirectNext', $request->url());
+ return redirect('/i/auth/sudo');
 }
- if( $request->cookie('sudoMode') < Carbon::now()->subMinutes(30)->timestamp ) {
- return redirect('/i/auth/sudo')->withCookie('redirectNext', $request->url());
+ if( $request->session()->get('sudoMode') < Carbon::now()->subMinutes(30)->timestamp ) {
+ $request->session()->put('redirectNext', $request->url());
+ return redirect('/i/auth/sudo');
 }
 }
 return $next($request);
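Review bot: The two inner `if` branches in `DangerZone` now have identical bodies and read the session twice; they can be merged into `$since = $request->session()->get('sudoMode');` followed by `if( !$since || $since < Carbon::now()->subMinutes(30)->timestamp ) {`, leaving a single `put`/`redirect` pair so the missing and expired cases cannot drift apart. `$request->url()` omits the query string and is stored whatever the request method is, so after confirmation the user returns by GET to a bare path; if the protected routes take query parameters or non-GET requests, this probably needs `fullUrl()` or a method check, which is worth confirming against the route list. The method begins above the hunk.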