amigan/stillbox
1
1
Fork 0
Code Issues 33 Pull requests Projects Releases Packages Wiki Activity Actions

Fix cookie weirdness (delete correctly using MaxAge)

Browse source
This commit is contained in:
Daniel Ponte 2024-11-25 12:57:59 -05:00
parent 18e07e322f
commit 9b3743e79a
2 changed files with 7 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
pkg/auth/jwt.go
View file

@ -156,6 +156,7 @@ func (a *Auth) routeRefresh(w http.ResponseWriter, r *http.Request) {
cookie := &http.Cookie{
Name: "jwt",
Value: tok,
Path: "/",
HttpOnly: true,
Secure: true,
}
@ -216,6 +217,7 @@ func (a *Auth) routeAuth(w http.ResponseWriter, r *http.Request) {
cookie := &http.Cookie{
Name: "jwt",
Value: tok,
Path: "/",
HttpOnly: true,
Secure: true,
}
@ -242,9 +244,10 @@ func (a *Auth) routeLogout(w http.ResponseWriter, r *http.Request) {
cookie := &http.Cookie{
Name: "jwt",
Value: "",
Path: "/",
HttpOnly: true,
Secure: true,
Expires: time.Time{},
MaxAge: -1,
}
if a.allowInsecureCookie(r) {