authorMarius Mathiesen <marius.mathiesen@gmail.com>2009-03-23 10:09:13 +0100
committerJohan Sørensen <johan@johansorensen.com>2009-04-22 15:17:13 +0200
commit555ae7f3b4ccc2394e0eed60ab6cfc79c55c61d9 (patch)
treebcd2e083d9b02723bb81f5b49cb138855cf4049e
parentc163782f63373d8e89360a701dcd8e1454659501 (diff)
Skipping the "magic cookie" intended for Varnishd. Will rather use headers to be picked up by Varnishd.
Added an after filter in application_controller that sets a header to be picked up by Varnishd
-rw-r--r--app/controllers/application_controller.rb8
-rw-r--r--app/controllers/sessions_controller.rb1
-rw-r--r--lib/authenticated_system.rb12
-rw-r--r--test/functional/sessions_controller_test.rb11
4 files changed, 15 insertions, 17 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 07805e7..00318d7 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -25,6 +25,8 @@ class ApplicationController < ActionController::Base
before_filter :public_and_logged_in
before_filter :require_current_eula
+ after_filter :mark_login_status
+
layout :pick_layout_based_on_site
rescue_from ActiveRecord::RecordNotFound, :with => :render_not_found
@@ -168,6 +170,12 @@ class ApplicationController < ActionController::Base
login_required unless GitoriousConfig['public_mode']
end
+ def mark_login_status
+ if logged_in?
+ headers['X-Logged-In'] = "true"
+ end
+ end
+
# turns ["foo", "bar"] route globbing parameters into "foo/bar"
def desplat_path(*paths)
paths.flatten.compact.map{|p| CGI.unescape(p) }.join("/")
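Review bot: `mark_login_status` is now the only signal telling Varnish that a response is personalised, and because it runs as an after filter, any response that skips the after-filter chain goes out without `X-Logged-In`. In Rails of this era that appears to include responses produced when a before filter halts the chain (for example a redirect from `require_current_eula`) and those rendered through `rescue_from`; this is worth confirming, because such responses for a logged-in user would look anonymous to the cache. Consider having the application mark the response itself as well, e.g. `headers['Cache-Control'] = 'private'` next to the `X-Logged-In` assignment, so that a VCL mistake fails closed. Varnish should also strip `X-Logged-In` before delivery so that login state is not exposed to clients. `desplat_path` at the end of this hunk continues outside it.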
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 341f827..8207369 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -40,7 +40,6 @@ class SessionsController < ApplicationController
def destroy
self.current_user.forget_me if logged_in?
cookies.delete :auth_token
- clear_varnish_auth_cookie
reset_session
flash[:notice] = "You have been logged out."
redirect_back_or_default('/')
diff --git a/lib/authenticated_system.rb b/lib/authenticated_system.rb
index ae18f0d..9be68d1 100644
--- a/lib/authenticated_system.rb
+++ b/lib/authenticated_system.rb
@@ -15,21 +15,9 @@ module AuthenticatedSystem
# Store the given user in the session.
def current_user=(new_user)
session[:user_id] = (new_user.nil? || new_user.is_a?(Symbol)) ? nil : new_user.id
- set_varnish_auth_cookie
@current_user = new_user
end
- def set_varnish_auth_cookie
- cookies[:authenticated] = {
- :value => "true",
- :domain => ".#{GitoriousConfig['gitorious_host']}",
- :expires => 3.weeks.from_now,
- }
- end
-
- def clear_varnish_auth_cookie
- cookies.delete :authenticated, :domain => ".#{GitoriousConfig['gitorious_host']}"
- end
# Check if the user is authorized
#
diff --git a/test/functional/sessions_controller_test.rb b/test/functional/sessions_controller_test.rb
index 788395e..8c11990 100644
--- a/test/functional/sessions_controller_test.rb
+++ b/test/functional/sessions_controller_test.rb
@@ -126,14 +126,17 @@ class SessionsControllerTest < ActionController::TestCase
context 'Bypassing cachíng for authenticated users' do
should 'be set when logging in' do
post :create, :email => "johan@johansorensen.com", :password => "test"
- assert_not_nil cookies['authenticated']
+ assert_not_nil @response.headers['X-Logged-In']
end
should 'be removed when logging out' do
post :create, :email => "johan@johansorensen.com", :password => "test"
- assert_not_nil cookies['authenticated']
- delete :destroy
- assert_nil cookies['authenticated']
+ assert_not_nil @response.headers['X-Logged-In']
+ end
+
+ should 'not be set when logging in with incorrect password' do
+ get :create, :email => 'johan@johansorensen.com', :password => 'haxx'
+ assert_nil @response.headers['X-Logged-In']
end
end
end
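Review bot: The test 'be removed when logging out' no longer logs out: with `delete :destroy` and the following `assert_nil` removed, it repeats the login assertion from the test above, so nothing verifies that `X-Logged-In` is absent after logout. Restore the logout step, e.g. `delete :destroy` followed by `assert_nil @response.headers['X-Logged-In']`. The failed-login test also issues `get :create` where the other tests use `post`; using `post` would exercise the same request the login form sends.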