(NOBIDS) frontend: invalidate old cookies

gobitfly · May 21, 2024 · d955241 · d955241
1 parent 4960a41
commit d955241
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/handlers/auth.go b/handlers/auth.go
@@ -183,6 +183,19 @@ func Login(w http.ResponseWriter, r *http.Request) {
 		RedirectData: redirectData}
 	data.Meta.NoTrack = true
 
+	if utils.Config.Frontend.SessionCookieDeriveDomainFromRequest {
+		// delete old cookie
+		c := &http.Cookie{
+			Name:     utils.SessionStore.SCS.Cookie.Name,
+			Value:    "",
+			Path:     "/",
+			Expires:  time.Unix(0, 0),
+			Domain:   utils.SessionStore.SCS.Cookie.Domain,
+			HttpOnly: true,
+		}
+		http.SetCookie(w, c)
+	}
+
 	if handleTemplateError(w, r, "auth.go", "Login", "", loginTemplate.ExecuteTemplate(w, "layout", data)) != nil {
 		return // an error has occurred and was processed
 	}