diff options
| author | Jonathan Tran <jonnytran@gmail.com> | 2024-04-14 06:46:56 +0200 |
|---|---|---|
| committer | Gergely Nagy <forgejo@gergo.csillger.hu> | 2024-04-15 20:01:36 +0200 |
| commit | 7ff74a47c8d3222160437affcf56b4ab7a819aa5 (patch) | |
| tree | a67434498d87b116c68a3ef18098d4a7e926828f /modules/session | |
| parent | Add `interface{}` to `any` replacement to `make fmt`, exclude `*.pb.go` (#30461) (diff) | |
| download | forgejo-7ff74a47c8d3222160437affcf56b4ab7a819aa5.tar.xz forgejo-7ff74a47c8d3222160437affcf56b4ab7a819aa5.zip | |
fix: Fix to delete cookie when AppSubURL is non-empty (#30375)
Cookies may exist on "/subpath" and "/subpath/" for some legacy reasons (eg: changed CookiePath behavior in code). The legacy cookie should be removed correctly.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
(cherry picked from commit b18c04ebde94e23d97da4958173faea843d5344f)
Diffstat (limited to 'modules/session')
| -rw-r--r-- | modules/session/store.go | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/modules/session/store.go b/modules/session/store.go index 4fa4d2848f..2f7ab7760b 100644 --- a/modules/session/store.go +++ b/modules/session/store.go @@ -6,6 +6,9 @@ package session import ( "net/http" + "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/web/middleware" + "gitea.com/go-chi/session" ) @@ -18,6 +21,10 @@ type Store interface { // RegenerateSession regenerates the underlying session and returns the new store func RegenerateSession(resp http.ResponseWriter, req *http.Request) (Store, error) { + // Ensure that a cookie with a trailing slash does not take precedence over + // the cookie written by the middleware. + middleware.DeleteLegacySiteCookie(resp, setting.SessionConfig.CookieName) + s, err := session.RegenerateSession(resp, req) return s, err } |