systemConnect error should not delete drupal cookie and csrf token

Question

systemConnect error should not delete drupal cookie and csrf token

Opened this issue 9 years ago · 0 comments

I'm using this in an app. If the app attempts to run systemConnect and for some reason get an error the code currently is set to delete the cookies, thus wiping out an otherwise valid session. The next time that systemConnect runs the user is effectively logged out.

Thanks for your hard work on this.

xhr.onerror = function (e) {
        console.log("There was an error calling systemConnect: ");
        console.log(e);

        // since systemConnect failed, will need a new csrf and session
        Settings.setString(self.settingsPrefix + "X-CSRF-Token", null);
        Settings.setString(self.settingsPrefix + "Drupal-Cookie", null);

        failure(e);
    };

P.S. the 'null token' issue mentioned in another bug report is in the same function

Drupal.prototype.systemConnect = function (success, failure) {

    var self = this;

    // if session exists, token will be required
    var token = Settings.getString(this.settingsPrefix + "X-CSRF-Token");

    if (!token || token == "null" || token.length < 10) {
        console.log("will request token before systemConnect");
        self.getCsrfToken(
            function () {
                self.systemConnect(success, failure);
            },
            function (err) {
                failure(err);
            }
        );
        return false;
    } else {
        console.log("will systemConnect with token "+token);
    }