more robust ClearSessionCookie()

default domain changed from request Host to blank, recently
try to clear cookies for both
This commit is contained in:
Pierce Lopez 2017-12-12 19:14:53 -05:00
parent d75f626cdd
commit 74d0fbc868

View File

@ -300,7 +300,15 @@ func (p *OAuthProxy) SetCSRFCookie(rw http.ResponseWriter, req *http.Request, va
} }
func (p *OAuthProxy) ClearSessionCookie(rw http.ResponseWriter, req *http.Request) { func (p *OAuthProxy) ClearSessionCookie(rw http.ResponseWriter, req *http.Request) {
http.SetCookie(rw, p.MakeSessionCookie(req, "", time.Hour*-1, time.Now())) clr := p.MakeSessionCookie(req, "", time.Hour*-1, time.Now())
http.SetCookie(rw, clr)
// ugly hack because default domain changed
if p.CookieDomain == "" {
clr2 := *clr
clr2.Domain = req.Host
http.SetCookie(rw, &clr2)
}
} }
func (p *OAuthProxy) SetSessionCookie(rw http.ResponseWriter, req *http.Request, val string) { func (p *OAuthProxy) SetSessionCookie(rw http.ResponseWriter, req *http.Request, val string) {