20190718140450_forget_insecure_sessions.rb 546 B

1234567891011121314
  1. # Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
  2. # This migration removes all pre-existing user sessions
  3. # so that they can be replaced with sessions that use "secure cookies".
  4. # It is skipped on non-HTTPS deployments
  5. # because those are incompatible with secure cookies anyway.
  6. class ForgetInsecureSessions < ActiveRecord::Migration[5.2]
  7. def up
  8. return if !Setting.exists?(name: 'system_init_done')
  9. return if Setting.get('http_type') != 'https'
  10. ActiveRecord::SessionStore::Session.destroy_all
  11. end
  12. end