more robust ClearSessionCookie()

default domain changed from request Host to blank, recently try to clear cookies for both
2017-12-12 19:14:53 -05:00 · 2017-12-12 19:14:53 -05:00 · 74d0fbc868
commit 74d0fbc868
parent d75f626cdd
1 changed files with 9 additions and 1 deletions
--- a/oauthproxy.go
+++ b/oauthproxy.go
@ -300,7 +300,15 @@ func (p *OAuthProxy) SetCSRFCookie(rw http.ResponseWriter, req *http.Request, va
 }

 func (p *OAuthProxy) ClearSessionCookie(rw http.ResponseWriter, req *http.Request) {
-	http.SetCookie(rw, p.MakeSessionCookie(req, "", time.Hour*-1, time.Now()))
+	clr := p.MakeSessionCookie(req, "", time.Hour*-1, time.Now())
+	http.SetCookie(rw, clr)
+
+	// ugly hack because default domain changed
+	if p.CookieDomain == "" {
+		clr2 := *clr
+		clr2.Domain = req.Host
+		http.SetCookie(rw, &clr2)
+	}
 }

 func (p *OAuthProxy) SetSessionCookie(rw http.ResponseWriter, req *http.Request, val string) {