From 74d0fbc8685200a14599b29074e8b2acd799d753 Mon Sep 17 00:00:00 2001
From: Pierce Lopez <pierce.lopez@gmail.com>
Date: Tue, 12 Dec 2017 19:14:53 -0500
Subject: [PATCH] more robust ClearSessionCookie()

default domain changed from request Host to blank, recently
try to clear cookies for both
---
 oauthproxy.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/oauthproxy.go b/oauthproxy.go
index f94aa6e..21e5dfc 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -300,7 +300,15 @@ func (p *OAuthProxy) SetCSRFCookie(rw http.ResponseWriter, req *http.Request, va
 }
 
 func (p *OAuthProxy) ClearSessionCookie(rw http.ResponseWriter, req *http.Request) {
-	http.SetCookie(rw, p.MakeSessionCookie(req, "", time.Hour*-1, time.Now()))
+	clr := p.MakeSessionCookie(req, "", time.Hour*-1, time.Now())
+	http.SetCookie(rw, clr)
+
+	// ugly hack because default domain changed
+	if p.CookieDomain == "" {
+		clr2 := *clr
+		clr2.Domain = req.Host
+		http.SetCookie(rw, &clr2)
+	}
 }
 
 func (p *OAuthProxy) SetSessionCookie(rw http.ResponseWriter, req *http.Request, val string) {