Properly delete stale session_id from db and cookies

osmus · Oct 4, 2024 · f730530 · f730530
1 parent 602c9b0
commit f730530
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 12 deletions.
diff --git a/images/dashboard/src/routes/login_routes.py b/images/dashboard/src/routes/login_routes.py
@@ -58,7 +58,7 @@ def test_page(request: Request, db: Session = Depends(get_db)):
 
 @router.get("/initialize_session", tags=["OSM Session Sandbox"], response_model=SessionResponse)
 def initialize_session(request: Request, box: str = Query(...), end_redirect_uri: str = None, db: Session = Depends(get_db)):
-    """Generate and save a new cookie_id"""
+    """Generate and save a new session_id"""
     logging.info("Accessed /initialize_session endpoint")
     if not is_box_running(db, box):
         raise HTTPException(
@@ -79,9 +79,9 @@ def initialize_session(request: Request, box: str = Query(...), end_redirect_uri
             "created_at": new_session.created_at.isoformat(),
         }
     )
-    # Set cookie_id with session_id
-    response.set_cookie(key="cookie_id", value=session_id)
-    logging.info("Generated new cookie_id and saved to database")
+    # Set session_id with session_id
+    response.set_cookie(key="session_id", value=session_id)
+    logging.info("Generated new session_id and saved to database")
     return response
 
 
@@ -121,7 +121,7 @@ async def redirect_sandbox(request: Request, code: str, db: Session = Depends(ge
         logging.info(f"Fetched user details for: {display_name}")
 
         # Here is where it gets the session id
-        session_id = request.cookies.get("cookie_id")
+        session_id = request.cookies.get("session_id")
         if session_id:
             session_obj = update_user_session(db, session_id, display_name)
 
@@ -136,14 +136,17 @@ async def redirect_sandbox(request: Request, code: str, db: Session = Depends(ge
                 user = session_obj.user
                 end_redirect_uri = f"https://{box}.{domain}/login?user={user}"
 
-            db.delete(session_obj)
+            db_session = db.query(Sessions).filter(Sessions.id == session_id).first()
+            db.delete(db_session)
             db.commit()
             logging.info(f"Deleted session for session_id: {session_id}")
 
             logging.info(f"Redirecting to URL: {end_redirect_uri}")
-            return RedirectResponse(url=end_redirect_uri)
+            response = RedirectResponse(url=end_redirect_uri)
+            response.delete_cookie("session_id")
+            return response
         else:
-            logging.error("Cookie ID not found")
+            logging.error("Session ID not found in cookies")
             raise HTTPException(status_code=404, detail="Check if instance exists")
     except Exception as e:
         logging.error(f"An error occurred: {e}")

diff --git a/images/dashboard/src/utils/sandbox_sessions.py b/images/dashboard/src/utils/sandbox_sessions.py
@@ -9,20 +9,20 @@ def model_to_dict(model):
     return {column.name: getattr(model, column.name) for column in model.__table__.columns}
 
 
-def save_update_box_session(db: Session, cookie_id: str, box: str):
+def save_update_box_session(db: Session, session_id: str, box: str):
     """Save or update session and box name
 
     Args:
         db (Session): database session
-        cookie_id (str): cookie unique identifier
+        session_id (str): cookie unique identifier
         box (str): box name
     """
     try:
-        db_session = db.query(Sessions).filter_by(id=cookie_id).first()
+        db_session = db.query(Sessions).filter_by(id=session_id).first()
         if db_session:
             db_session.box = box
         else:
-            db_session = Sessions(id=cookie_id, box=box)
+            db_session = Sessions(id=session_id, box=box)
             db.add(db_session)
         db.commit()
         db.refresh(db_session)