store only UID in session vars, not complete user

2025-09-20 17:33:03 -06:00
parent d8648ace80
commit 5ea7c6d829
3 changed files with 7 additions and 9 deletions
@@ -49,7 +49,11 @@ type amContext struct {

 // CurrentUser returns the current user from the session.
 func (c *amContext) CurrentUser() *database.User {
-	return c.session.Values["user"].(*database.User)
+	u, err := database.AmGetUser(c.session.Values["user_id"].(int32))
+	if err != nil {
+		log.Errorf("unable to retrieve current user")
+	}
+	return u
 }

 // RC returns the HTTP result code for the current operation.
@@ -31,7 +31,7 @@ func SetupAmSession(session *sessions.Session) {
 	session.Values["temp"] = "Active"
 	u, err := database.AmGetAnonUser()
 	if err == nil {
-		session.Values["user"] = u
+		session.Values["user_id"] = u.Uid
 	} else {
 		log.Errorf("Unable to load anon user: %v", err)
 	}