var room_number = 0;\r
if(typeof(req.query.rno) != "undefined")\r
room_number = req.query.rno;\r
- res.render("chat",{rno:room_number,token:info.token});\r
+ res.render("chat",{rno:room_number,token:req.session._csrf});\r
}\r
\r
function auth_proc(user, pass) {\r
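Review bot: `req.session._csrf` on the new `res.render("chat", ...)` line is a value this file no longer creates or checks itself, so every use of it in this commit depends on a CSRF middleware that is not visible in these hunks. The same applies to the admin render (`token:req.session._csrf`) and, more importantly, to `admin_postproc`, where the explicit token comparison is deleted while the handler still acts on `req.body.erase` and `req.body.file`. Please confirm the middleware is registered ahead of both the chat and admin routes and rejects a POST with a missing or wrong token, and record that at the handler, e.g. `// CSRF token is verified by the csrf middleware mounted before this route`. The function containing the chat render starts outside the hunk.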
}\r
\r
function admin_postproc(req,res){\r
- if(req.session.items.token != req.body.token)\r
- {\r
- res.send(resource.invaild_token_message);\r
- return;\r
- }\r
if(typeof(req.body.erase) != "undefined")\r
{\r
removeLog(req.body.file,function(){\r
files: list,\r
log_directory:$log_directory,\r
ipbanlist:iplist,\r
- token:info.token,\r
+ token:req.session._csrf,\r
roomlist:$rooms.GetString()\r
});\r
});\r
result = "failed get from session store";\r
else if(err)\r
result = err;\r
- else if(handshakeData.query.token != session.items.token)\r
+ else if(handshakeData.query.token != session._csrf)\r
result = "invaild token";\r
if(typeof(session) != "undefined" && result == null)\r
handshakeData.sessionID = sessionID;\r
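Review bot: The comparison `handshakeData.query.token != session._csrf` accepts a handshake that carries no token whenever the session has no `_csrf` value, because `undefined != undefined` is false and `result` stays null. Require the stored token to exist and compare strictly: `else if(typeof session._csrf !== "string" || handshakeData.query.token !== session._csrf)`. The token is also read from the handshake query string, so it may be recorded wherever request URLs are logged; that appears to predate this commit and is worth confirming separately. The enclosing function starts and ends outside the hunk.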