From d955241aea472a6f647645eac110f0df6b89fb40 Mon Sep 17 00:00:00 2001
From: Patrick Pfeiffer <patrick@bitfly.at>
Date: Tue, 21 May 2024 13:11:55 +0200
Subject: [PATCH] (NOBIDS) frontend: invalidate old cookies

---
 handlers/auth.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/handlers/auth.go b/handlers/auth.go
index 8bd99f8b21..d656a9b481 100644
--- a/handlers/auth.go
+++ b/handlers/auth.go
@@ -183,6 +183,19 @@ func Login(w http.ResponseWriter, r *http.Request) {
 		RedirectData: redirectData}
 	data.Meta.NoTrack = true
 
+	if utils.Config.Frontend.SessionCookieDeriveDomainFromRequest {
+		// delete old cookie
+		c := &http.Cookie{
+			Name:     utils.SessionStore.SCS.Cookie.Name,
+			Value:    "",
+			Path:     "/",
+			Expires:  time.Unix(0, 0),
+			Domain:   utils.SessionStore.SCS.Cookie.Domain,
+			HttpOnly: true,
+		}
+		http.SetCookie(w, c)
+	}
+
 	if handleTemplateError(w, r, "auth.go", "Login", "", loginTemplate.ExecuteTemplate(w, "layout", data)) != nil {
 		return // an error has occurred and was processed
 	}