diff --git a/app/controllers/concerns/authentication.rb b/app/controllers/concerns/authentication.rb index f8ed9ec6d..485904051 100644 --- a/app/controllers/concerns/authentication.rb +++ b/app/controllers/concerns/authentication.rb @@ -4,6 +4,7 @@ module Authentication included do # Checking for tenant must happen first so we redirect before trying to access the db. before_action :require_tenant + prepend_before_action :clear_old_scoped_session_cookies before_action :require_authentication helper_method :authenticated? @@ -51,6 +52,12 @@ module Authentication end end + def clear_old_scoped_session_cookies + if request.script_name.present? && cookies.signed[:session_token].present? && !find_session_by_cookie + cookies.signed[:session_token] = { value: "invalid-session-token", path: request.script_name, expires: 1.hour.ago } + end + end + def find_session_by_cookie Session.find_signed(cookies.signed[:session_token]) end diff --git a/app/models/membership.rb b/app/models/membership.rb index 3a5997d5b..ac6e99c50 100644 --- a/app/models/membership.rb +++ b/app/models/membership.rb @@ -17,7 +17,7 @@ class Membership < UntenantedRecord def account_name ApplicationRecord.with_tenant(tenant) { Account.sole.name } - rescue ActiveRecord::Tenanted::TenantDoesNotExistError + rescue ActiveRecord::Tenanted::TenantDoesNotExistError, ActiveRecord::RecordNotFound nil end