From b81149fa47edf38ebe2ed56e0653d3582cd96f91 2011-07-25 21:15:09 From: Jean-Philippe Lang Date: 2011-07-25 21:15:09 Subject: [PATCH] Remove autologin cookie on unverified request. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6316 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index bfed52d..1a9eb16 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -27,7 +27,10 @@ class ApplicationController < ActionController::Base exempt_from_layout 'builder', 'rsb' protect_from_forgery - + def handle_unverified_request + super + cookies.delete(:autologin) + end # Remove broken cookie after upgrade from 0.8.x (#4292) # See https://rails.lighthouseapp.com/projects/8994/tickets/3360 # TODO: remove it when Rails is fixed
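Review bot: The new `handle_unverified_request` override has no comment explaining why the autologin cookie is removed, and it sits directly between `protect_from_forgery` and the unrelated "Remove broken cookie after upgrade" comment with no blank lines, so the security rationale is easy to lose in a later cleanup. I would put `# A request that fails the CSRF check must not be re-authenticated from the autologin cookie` above the method and separate it with blank lines; this assumes the user lookup, which is outside the hunk, reads `cookies[:autologin]`. It is also worth confirming that `cookies.delete(:autologin)` is called with the same `:path`/`:domain` options the cookie is set with, because otherwise the browser keeps the cookie; the code that sets it is not visible here. A test that sends a state-changing request without a valid token while carrying an autologin cookie, then asserts the response clears the cookie and the action is not performed as the logged-in user, would pin the behaviour.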