From 47fedd8f4d877906fdc354a267b626db3a6d8a2e Mon Sep 17 00:00:00 2001
From: Sam Saffron <sam.saffron@gmail.com>
Date: Sun, 24 Feb 2013 22:56:08 +1100
Subject: [PATCH] correct breakage don't set permanent cookie, kill session if
 it conflicts

---
 app/models/user.rb  | 4 ++--
 lib/current_user.rb | 6 ++++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/app/models/user.rb b/app/models/user.rb
index 5a8615b8d..7173ed77c 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -293,8 +293,8 @@ class User < ActiveRecord::Base
 
   def update_ip_address!(new_ip_address)
     if (ip_address != new_ip_address) and new_ip_address.present?
-      @current_user.ip_address = new_ip_address
-      @current_user.update_column(:ip_address, new_ip_address)
+      ip_address = new_ip_address
+      update_column(:ip_address, new_ip_address)
     end
   end
 
diff --git a/lib/current_user.rb b/lib/current_user.rb
index 085988307..943ad1618 100644
--- a/lib/current_user.rb
+++ b/lib/current_user.rb
@@ -34,9 +34,11 @@ module CurrentUser
     else
       @current_user ||= User.where(id: session[:current_user_id]).first
       
-      # cookie recovery from session, we have been messing with it, fix it up
+      # I have flip flopped on this (sam), if our permanent cookie
+      #  conflicts with our current session assume session is bust
+      #  kill it
       if @current_user && cookies["_t"] != @current_user.auth_token
-        set_permanent_cookie!(@current_user)
+        @current_user = nil
       end
 
     end