diff options
| author | Giteabot <teabot@gitea.io> | 2024-04-14 20:27:36 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-04-14 12:27:36 +0000 |
| commit | e64926c5193e9ccc30b34f187d96c74d104179ae (patch) | |
| tree | f698b8b976ae290d620d30ad4c7895b5853ada85 /modules/session/store.go | |
| parent | 0352b992218d21af5937c11e52fb303f5792d607 (diff) | |
| download | gitea-e64926c5193e9ccc30b34f187d96c74d104179ae.tar.gz gitea-e64926c5193e9ccc30b34f187d96c74d104179ae.zip | |
fix: Fix to delete cookie when AppSubURL is non-empty (#30375) (#30469)
Backport #30375 by @jtran
Cookies may exist on "/subpath" and "/subpath/" for some legacy reasons
(eg: changed CookiePath behavior in code). The legacy cookie should be
removed correctly.
Co-authored-by: Jonathan Tran <jonnytran@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
Diffstat (limited to 'modules/session/store.go')
| -rw-r--r-- | modules/session/store.go | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/modules/session/store.go b/modules/session/store.go index 4fa4d2848f..2f7ab7760b 100644 --- a/modules/session/store.go +++ b/modules/session/store.go @@ -6,6 +6,9 @@ package session import ( "net/http" + "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/web/middleware" + "gitea.com/go-chi/session" ) @@ -18,6 +21,10 @@ type Store interface { // RegenerateSession regenerates the underlying session and returns the new store func RegenerateSession(resp http.ResponseWriter, req *http.Request) (Store, error) { + // Ensure that a cookie with a trailing slash does not take precedence over + // the cookie written by the middleware. + middleware.DeleteLegacySiteCookie(resp, setting.SessionConfig.CookieName) + s, err := session.RegenerateSession(resp, req) return s, err } |