Clear session ids when deleting an account

This commit is contained in:
Omar Roth 2019-02-19 18:26:33 -06:00
parent 06076c683f
commit f647f7bdea

View file

@ -1664,6 +1664,7 @@ post "/delete_account" do |env|
view_name = "subscriptions_#{sha256(user.email)[0..7]}" view_name = "subscriptions_#{sha256(user.email)[0..7]}"
PG_DB.exec("DROP MATERIALIZED VIEW #{view_name}") PG_DB.exec("DROP MATERIALIZED VIEW #{view_name}")
PG_DB.exec("DELETE FROM users * WHERE email = $1", user.email) PG_DB.exec("DELETE FROM users * WHERE email = $1", user.email)
PG_DB.exec("DELETE FROM session_ids * WHERE email = $1", user.email)
env.request.cookies.each do |cookie| env.request.cookies.each do |cookie|
cookie.expires = Time.new(1990, 1, 1) cookie.expires = Time.new(1990, 1, 1)