userpage: store refresh token separately

stored as "user-refresh" fixes weird issues when two accounts are logged in.
2026-01-18 16:47:42 +01:00 · 2023-06-18 12:30:23 +01:00
parent 5beeeb958b
commit 75dc9d4d1d
3 changed files with 7 additions and 7 deletions
--- a/user-auth.go
+++ b/user-auth.go
@@ -60,7 +60,7 @@ func (app *appContext) getUserTokenLogin(gc *gin.Context) {
 	}

 	app.debug.Printf("Token generated for non-admin user \"%s\"", username)
-	gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/my", gc.Request.URL.Hostname(), true, true)
+	gc.SetCookie("user-refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/my", gc.Request.URL.Hostname(), true, true)
 	gc.JSON(200, getTokenDTO{token})
 }

@@ -79,7 +79,7 @@ func (app *appContext) getUserTokenRefresh(gc *gin.Context) {
 	}

 	app.info.Println("UserToken request (refresh token)")
-	claims, ok := app.decodeValidateRefreshCookie(gc)
+	claims, ok := app.decodeValidateRefreshCookie(gc, "user-refresh")
 	if !ok {
 		return
 	}
@@ -93,6 +93,6 @@ func (app *appContext) getUserTokenRefresh(gc *gin.Context) {
 		return
 	}

-	gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/my", gc.Request.URL.Hostname(), true, true)
+	gc.SetCookie("user-refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/my", gc.Request.URL.Hostname(), true, true)
 	gc.JSON(200, getTokenDTO{jwt})
 }