Merge pull request #5 from sebgie/cookies

Revert sessions to cookieSessions

Author: ErisDS

core/server.js

@@ -275,14 +275,9 @@ when(ghost.init()).then(function () {
     // Session handling
     // Pro tip: while in development mode cookieSession can be used
     // to keep you logged in while restarting the server
-    server.use(express.cookieParser());
-    if (process.env.NODE_ENV === 'development'
-            && ghost.config().hasOwnProperty('useCookieSession')
-            && ghost.config().useCookieSession) {
-        server.use(express.cookieSession({ secret: ghost.dbHash, cookie: { maxAge: 60000000 }}));
-    } else {
-        server.use(express.session({ secret: ghost.dbHash, cookie: { maxAge: 60000000 }}));
-    }
+    server.use(express.cookieParser(ghost.dbHash));
+    server.use(express.cookieSession({ cookie : { maxAge: 12 * 60 * 60 * 1000 }}));
+
 
     //enable express csrf protection
     server.use(express.csrf());

core/server/controllers/admin.js

@@ -136,21 +136,9 @@ adminControllers = {
         if (!denied) {
             loginSecurity.push({ip: req.connection.remoteAddress, time: process.hrtime()[0]});
             api.users.check({email: req.body.email, pw: req.body.password}).then(function (user) {
-                if (process.env.NODE_ENV === 'development'
-                        && ghost.config().hasOwnProperty('useCookieSession')
-                        && ghost.config().useCookieSession) {
-                    req.session.user = user.id;
-                    res.json(200, {redirect: req.body.redirect ? '/ghost/'
-                        + decodeURIComponent(req.body.redirect) : '/ghost/'});
-                } else {
-                    req.session.regenerate(function (err) {
-                        if (!err) {
-                            req.session.user = user.id;
-                            res.json(200, {redirect: req.body.redirect ? '/ghost/'
-                                + decodeURIComponent(req.body.redirect) : '/ghost/'});
-                        }
-                    });
-                }
+                req.session.user = user.id;
+                res.json(200, {redirect: req.body.redirect ? '/ghost/'
+                    + decodeURIComponent(req.body.redirect) : '/ghost/'});
             }, function (error) {
                 res.json(401, {error: error.message});
             });
@@ -190,23 +178,10 @@ adminControllers = {
             password: password
         }).then(function (user) {
             api.settings.edit('email', email).then(function () {
-                if (process.env.NODE_ENV === 'development'
-                        && ghost.config().hasOwnProperty('useCookieSession')
-                        && ghost.config().useCookieSession) {
-                    if (req.session.user === undefined) {
-                        req.session.user = user.id;
-                    }
-                    res.json(200, {redirect: '/ghost/'});
-                } else {
-                    req.session.regenerate(function (err) {
-                        if (!err) {
-                            if (req.session.user === undefined) {
-                                req.session.user = user.id;
-                            }
-                            res.json(200, {redirect: '/ghost/'});
-                        }
-                    });
+                if (req.session.user === undefined) {
+                    req.session.user = user.id;
                 }
+                res.json(200, {redirect: '/ghost/'});
             });
         }).otherwise(function (error) {
             res.json(401, {error: error.message});
@@ -254,13 +229,7 @@ adminControllers = {
         }).otherwise(errors.logAndThrowError);
     },
     'logout': function (req, res) {
-        if (process.env.NODE_ENV === 'development'
-                && ghost.config().hasOwnProperty('useCookieSession')
-                && ghost.config().useCookieSession) {
-            delete req.session.user;
-        } else {
-            req.session.destroy();
-        }
+        req.session = null;
         var notification = {
             type: 'success',
             message: 'You were successfully signed out',
@@ -400,13 +369,7 @@ adminControllers = {
                     };
 
                     return api.notifications.add(notification).then(function () {
-                        if (process.env.NODE_ENV === 'development'
-                                && ghost.config().hasOwnProperty('useCookieSession')
-                                && ghost.config().useCookieSession) {
-                            delete req.session.user;
-                        } else {
-                            req.session.destroy();
-                        }
+                        req.session = null;
                         res.set({
                             "X-Cache-Invalidate": "/*"
                         });