From 57335a811066cb23b329cbb4cdcd820d261b650c Mon Sep 17 00:00:00 2001
From: Joe Rafaniello <jrafanie@gmail.com>
Date: Tue, 29 Jul 2025 18:20:50 -0400
Subject: [PATCH] [WIP] Skip saving session for dashboard/widget*_data

TODO: Determine if we can filter this to just GET requests and if we
need to watch for the CSRF protections which generally require saving
cookies.
---
 app/controllers/dashboard_controller.rb | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb
index 5495cf8d0c1..be976c5990c 100644
--- a/app/controllers/dashboard_controller.rb
+++ b/app/controllers/dashboard_controller.rb
@@ -16,6 +16,12 @@ class DashboardController < ApplicationController
                                                  external_authenticate kerberos_authenticate saml_login oidc_login]
   after_action :cleanup_action,    :except => %i[csp_report]
 
+  after_action :skip_session
+
+  def skip_session
+    request.session_options[:skip] = %w[widget_chart_data widget_report_data].include?(action_name)
+  end
+
   def index
     redirect_to(:action => 'show')
   end