From f647f7bdea7f92d9ca9cee279cc1f58421165c88 Mon Sep 17 00:00:00 2001 From: Omar Roth Date: Tue, 19 Feb 2019 18:26:33 -0600 Subject: [PATCH] Clear session ids when deleting an account --- src/invidious.cr | 1 + 1 file changed, 1 insertion(+) diff --git a/src/invidious.cr b/src/invidious.cr index fa4f7ac0..1ff94929 100644 --- a/src/invidious.cr +++ b/src/invidious.cr @@ -1664,6 +1664,7 @@ post "/delete_account" do |env| view_name = "subscriptions_#{sha256(user.email)[0..7]}" PG_DB.exec("DROP MATERIALIZED VIEW #{view_name}") PG_DB.exec("DELETE FROM users * WHERE email = $1", user.email) + PG_DB.exec("DELETE FROM session_ids * WHERE email = $1", user.email) env.request.cookies.each do |cookie| cookie.expires = Time.new(1990, 1, 1)