authorEd Tanous <edtanous@google.com>2023-06-16 21:29:37 +0300
committerEd Tanous <edtanous@google.com>2023-06-17 00:12:13 +0300
commit7e9c08ede1dad0068d3e10955b75202fd9193999 (patch)
tree4fe9d33b07f2f8499ec1c3519e74ed7f0fc4d223 /include/sessions.hpp
parente164f1b66eb2cde5b885df342c9a5bb4e0c2beeb (diff)
Revert "Fix websocket csrf checking"
This reverts commit e628df8658c57f6943b6d3612e1077618e5a168a. This appears to cause problems with non-cookie login of the console websocket. This appears to be a gap in both our testing, and things that we have scripting to do, but clearly it's a change in behavior, so if we want to change the behavior, we should do it intentionally, and clearly, ideally with a path to make clients work, or an explicit documentation that the webui is the only supported client. Change-Id: I334257e1355a5b8431cb7ecfe58ef8a942f4981c Signed-off-by: Ed Tanous <edtanous@google.com>
Diffstat (limited to 'include/sessions.hpp')
-rw-r--r--include/sessions.hpp3
1 files changed, 2 insertions, 1 deletions
diff --git a/include/sessions.hpp b/include/sessions.hpp
index 26b30306fa..98912e827a 100644
--- a/include/sessions.hpp
+++ b/include/sessions.hpp
@@ -39,6 +39,7 @@ struct UserSession
std::string clientIp;
std::chrono::time_point<std::chrono::steady_clock> lastUpdated;
PersistenceType persistence{PersistenceType::TIMEOUT};
+ bool cookieAuth = false;
bool isConfigureSelfOnly = false;
std::string userRole{};
std::vector<std::string> userGroups{};
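Review bot: The new `cookieAuth` member of `UserSession` has no comment saying who sets it or who reads it, and judging by the commit title it takes part in the websocket CSRF decision, so its `false` default is security-relevant. I would add a one-line comment above it along the lines of `// Set when the request was authenticated via the session cookie; read by the CSRF check`, after confirming the wording against the code that reads the flag, which this hunk does not show. It is also worth confirming that a session restored from persistent storage cannot keep a stale `false` for a cookie-authenticated client. The struct definition begins and ends outside the hunk.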
@@ -257,7 +258,7 @@ class SessionStore
auto session = std::make_shared<UserSession>(UserSession{
uniqueId, sessionToken, std::string(username), csrfToken, clientId,
redfish::ip_util::toString(clientIp),
- std::chrono::steady_clock::now(), persistence,
+ std::chrono::steady_clock::now(), persistence, false,
isConfigureSelfOnly});
auto it = authTokens.emplace(sessionToken, session);
// Only need to write to disk if session isn't about to be destroyed.
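Review bot: The bare `false` added to the positional `UserSession{...}` initializer sits directly before `isConfigureSelfOnly`, which is also a bool, so which flag each value lands in depends entirely on member order in the struct, and a later reorder or insertion would still compile. Because the flag appears to feed an authentication/CSRF decision, label it at the call site: `std::chrono::steady_clock::now(), persistence, /*cookieAuth=*/false,`. Designated initializers would make the mapping compiler-checked if the project builds as C++20. The enclosing function starts and ends outside the hunk.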