20190718140450_forget_insecure_sessions.rb 469 B

123456789101112
  1. # This migration removes all pre-existing user sessions
  2. # so that they can be replaced with sessions that use "secure cookies".
  3. # It is skipped on non-HTTPS deployments
  4. # because those are incompatible with secure cookies anyway.
  5. class ForgetInsecureSessions < ActiveRecord::Migration[5.2]
  6. def up
  7. return if !Setting.find_by(name: 'system_init_done')
  8. return if Setting.get('http_type') != 'https'
  9. ActiveRecord::SessionStore::Session.destroy_all
  10. end
  11. end