Remove ability to revoke active session

Session ID is used as a parameter for the revoke session endpoint but it should never be included in the HTML as an attacker could obtain it via XSS.
author: Imre Farkas <ifarkas@gitlab.com> 2019-02-25 16:52:40 +0300
committer: Imre Farkas <ifarkas@gitlab.com> 2019-02-27 13:45:27 +0300
commit: 038d530565bc64729706bbd9afad275699be459d (patch)
tree: 7cb6741e2490a943a8e3dc1e61011bc7e56385ae /app/controllers/profiles
parent: 44c4aad983570ea1832aa08c39f46dbc1b475fd3 (diff)
1 files changed, 0 insertions, 9 deletions
diff --git a/app/controllers/profiles/active_sessions_controller.rb b/app/controllers/profiles/active_sessions_controller.rb
index 6cf7a120449..c473023cacb 100644
--- a/app/controllers/profiles/active_sessions_controller.rb
+++ b/app/controllers/profiles/active_sessions_controller.rb
@@ -4,13 +4,4 @@ class Profiles::ActiveSessionsController < Profiles::ApplicationController
   def index
     @sessions = ActiveSession.list(current_user).reject(&:is_impersonated)
   end
-
-  def destroy
-    ActiveSession.destroy(current_user, params[:id])
-
-    respond_to do |format|
-      format.html { redirect_to profile_active_sessions_url, status: :found }
-      format.js { head :ok }
-    end
-  end
 end
author	Imre Farkas <ifarkas@gitlab.com>	2019-02-25 16:52:40 +0300
committer	Imre Farkas <ifarkas@gitlab.com>	2019-02-27 13:45:27 +0300
commit	038d530565bc64729706bbd9afad275699be459d (patch)
tree	7cb6741e2490a943a8e3dc1e61011bc7e56385ae /app/controllers/profiles
parent	44c4aad983570ea1832aa08c39f46dbc1b475fd3 (diff)