[Users] Delete session on invalid user_id

Not a problem for prod but can happen for dev because of database resets Fixes #515
2023-05-08 18:09:09 +02:00 · 2023-05-08 18:09:09 +02:00 · 384766b311
commit 384766b311
parent 34c058a794
1 changed files with 2 additions and 1 deletions
--- a/app/logical/session_loader.rb
+++ b/app/logical/session_loader.rb
@ -103,8 +103,9 @@ private

  def load_session_user
    user = User.find_by_id(session[:user_id])
+    raise AuthenticationFailure if user.nil?
    return if session[:ph] != user.password_token
-    CurrentUser.user = user if user
+    CurrentUser.user = user
  end

  def update_last_logged_in_at