Skipping Setting of cookies except admin

schilbach · schilbach · commit 6c37efd7c84d · 2018-05-23T21:21:38.000+02:00
diff --git a/evaluationserver/app/controllers/administration_controller.rb b/evaluationserver/app/controllers/administration_controller.rb
@@ -1,11 +1,13 @@
 class AdministrationController < ApplicationController
 
   def admin_mode_on
+    request.session_options[:skip] = false
     session[:admin] = true
     redirect_back(fallback_location: root_path)
   end
 
   def admin_mode_off
+    request.session_options[:skip] = false
     session.delete(:admin)
     redirect_back(fallback_location: root_path)
   end
diff --git a/evaluationserver/app/controllers/application_controller.rb b/evaluationserver/app/controllers/application_controller.rb
@@ -2,7 +2,7 @@ class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
-
+  
   before_action :set_cache_headers
 
   CREDENTIALS = {
@@ -47,6 +47,7 @@ def set_cache_headers
     response.headers["Cache-Control"] = "no-cache, no-store"
     response.headers["Pragma"] = "no-cache"
     response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
+    request.session_options[:skip] = true
   end
 
 end
