Delete legacy cookie before setting new cookie (#31306)

Try to fix #31202
pull/31307/head^2
wxiaoguang 5 months ago committed by GitHub
parent 1844dc6c1d
commit 5342a61124
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 8
      modules/web/middleware/cookie.go

@ -35,6 +35,10 @@ func GetSiteCookie(req *http.Request, name string) string {
// SetSiteCookie returns given cookie value from request header.
func SetSiteCookie(resp http.ResponseWriter, name, value string, maxAge int) {
// Previous versions would use a cookie path with a trailing /.
// These are more specific than cookies without a trailing /, so
// we need to delete these if they exist.
deleteLegacySiteCookie(resp, name)
cookie := &http.Cookie{
Name: name,
Value: url.QueryEscape(value),
@ -46,10 +50,6 @@ func SetSiteCookie(resp http.ResponseWriter, name, value string, maxAge int) {
SameSite: setting.SessionConfig.SameSite,
}
resp.Header().Add("Set-Cookie", cookie.String())
// Previous versions would use a cookie path with a trailing /.
// These are more specific than cookies without a trailing /, so
// we need to delete these if they exist.
deleteLegacySiteCookie(resp, name)
}
// deleteLegacySiteCookie deletes the cookie with the given name at the cookie

Loading…
Cancel
Save