7 files changed, 39 insertions, 12 deletions

diff --git a/api/context.go b/api/context.go
index 117fff708..f8953f547 100644
--- a/api/context.go
+++ b/api/context.go
@@ -185,6 +185,20 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
+	// TEMPORARY CODE FOR 3.9, REMOVE FOR 3.10
+	if cookie, err := r.Cookie(model.SESSION_COOKIE_TOKEN); err == nil && c.Session.UserId != "" {
+		if _, err = r.Cookie(model.SESSION_COOKIE_USER); err != nil {
+			http.SetCookie(w, &http.Cookie{
+				Name:    model.SESSION_COOKIE_USER,
+				Value:   c.Session.UserId,
+				Path:    "/",
+				MaxAge:  cookie.MaxAge,
+				Expires: cookie.Expires,
+				Secure:  cookie.Secure,
+			})
+		}
+	}
+
 	if h.isApi || h.isTeamIndependent {
 		c.setTeamURL(c.GetSiteURLHeader(), false)
 		c.Path = r.URL.Path
@@ -357,7 +371,15 @@ func (c *Context) RemoveSessionCookie(w http.ResponseWriter, r *http.Request) {
 		HttpOnly: true,
 	}
 
+	userCookie := &http.Cookie{
+		Name:   model.SESSION_COOKIE_USER,
+		Value:  "",
+		Path:   "/",
+		MaxAge: -1,
+	}
+
 	http.SetCookie(w, cookie)
+	http.SetCookie(w, userCookie)
 }
 
 func (c *Context) SetInvalidParam(where string, name string) {
diff --git a/app/login.go b/app/login.go
index 4c7ab8474..4f9284140 100644
--- a/app/login.go
+++ b/app/login.go
@@ -122,7 +122,17 @@ func DoLogin(w http.ResponseWriter, r *http.Request, user *model.User, deviceId
 		Secure:   secure,
 	}
 
+	userCookie := &http.Cookie{
+		Name:    model.SESSION_COOKIE_USER,
+		Value:   user.Id,
+		Path:    "/",
+		MaxAge:  maxAge,
+		Expires: expiresAt,
+		Secure:  secure,
+	}
+
 	http.SetCookie(w, sessionCookie)
+	http.SetCookie(w, userCookie)
 
 	return session, nil
 }
diff --git a/model/session.go b/model/session.go
index 90cebe59d..38d1c91f1 100644
--- a/model/session.go
+++ b/model/session.go
@@ -11,6 +11,7 @@ import (
 
 const (
 	SESSION_COOKIE_TOKEN  = "MMAUTHTOKEN"
+	SESSION_COOKIE_USER   = "MMUSERID"
 	SESSION_CACHE_SIZE    = 35000
 	SESSION_PROP_PLATFORM = "platform"
 	SESSION_PROP_OS       = "os"
diff --git a/webapp/actions/global_actions.jsx b/webapp/actions/global_actions.jsx
index 8d3eddfd9..ed434fdc7 100644
--- a/webapp/actions/global_actions.jsx
+++ b/webapp/actions/global_actions.jsx
@@ -457,7 +457,7 @@ export function clientLogout(redirectTo = '/') {
     ChannelStore.clear();
     stopPeriodicStatusUpdates();
     WebsocketActions.close();
-    localStorage.removeItem('currentUserId');
+    document.cookie = 'MMUSERID=;expires=Thu, 01 Jan 1970 00:00:01 GMT;';
     window.location.href = redirectTo;
 }
 
diff --git a/webapp/actions/user_actions.jsx b/webapp/actions/user_actions.jsx
index 8dfc819b9..377a11020 100644
--- a/webapp/actions/user_actions.jsx
+++ b/webapp/actions/user_actions.jsx
@@ -51,8 +51,6 @@ import {getTeamMembersByIds, getMyTeamMembers} from 'mattermost-redux/actions/te
 export function loadMe(callback) {
     loadMeRedux()(dispatch, getState).then(
         () => {
-            localStorage.setItem('currentUserId', UserStore.getCurrentId());
-
             if (callback) {
                 callback();
             }
@@ -741,7 +739,6 @@ export function webLogin(loginId, password, token, success, error) {
     login(loginId, password, token)(dispatch, getState).then(
         (ok) => {
             if (ok && success) {
-                localStorage.setItem('currentUserId', UserStore.getCurrentId());
                 success();
             } else if (!ok && error) {
                 const serverError = getState().requests.users.login.error;
diff --git a/webapp/root.jsx b/webapp/root.jsx
index 03595f85c..94645b661 100644
--- a/webapp/root.jsx
+++ b/webapp/root.jsx
@@ -13,7 +13,6 @@ import PDFJS from 'pdfjs-dist';
 import * as Websockets from 'actions/websocket_actions.jsx';
 import {loadMeAndConfig} from 'actions/user_actions.jsx';
 import ChannelStore from 'stores/channel_store.jsx';
-import UserStore from 'stores/user_store.jsx';
 import * as I18n from 'i18n/i18n.jsx';
 
 // Import our styles
@@ -61,9 +60,7 @@ function preRenderSetup(callwhendone) {
 
     setUrl(window.location.origin);
 
-    const currentUserId = localStorage.getItem('currentUserId');
-
-    if (currentUserId) {
+    if (document.cookie.indexOf('MMUSERID=') > -1) {
         loadMeAndConfig(() => d1.resolve());
     } else {
         getClientConfig()(store.dispatch, store.getState).then(
@@ -85,7 +82,7 @@ function preRenderSetup(callwhendone) {
          () => {
              // Turn off to prevent getting stuck in a loop
              $(window).off('beforeunload');
-             if (UserStore.getCurrentUser()) {
+             if (document.cookie.indexOf('MMUSERID=') > -1) {
                  viewChannel('', ChannelStore.getCurrentId() || '')(dispatch, getState);
              }
              Websockets.close();
diff --git a/webapp/store/index.js b/webapp/store/index.js
index 1af7127e8..521181f8c 100644
--- a/webapp/store/index.js
+++ b/webapp/store/index.js
@@ -77,6 +77,9 @@ export default function configureStore(initialState) {
 
                     persistor.purge();
 
+                    document.cookie = 'MMUSERID=;expires=Thu, 01 Jan 1970 00:00:01 GMT;';
+                    window.location.href = '/';
+
                     store.dispatch(batchActions([
                         {
                             type: General.OFFLINE_STORE_RESET,
@@ -84,9 +87,6 @@ export default function configureStore(initialState) {
                         }
                     ]));
 
-                    localStorage.removeItem('currentUserId');
-                    window.location.href = '/';
-
                     setTimeout(() => {
                         purging = false;
                     }, 500);