Delete legacy cookie before setting new cookie (#31306) (#31317)

Backport #31306 by wxiaoguang

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 3fcf865a4bef6f73149984090304f3d64af2a0e1)
This commit is contained in:
Giteabot 2024-06-11 13:57:51 +08:00 committed by Earl Warren
parent 2d43c94898
commit 3b4405aece
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00

View file

@ -35,6 +35,10 @@ func GetSiteCookie(req *http.Request, name string) string {
// SetSiteCookie returns given cookie value from request header. // SetSiteCookie returns given cookie value from request header.
func SetSiteCookie(resp http.ResponseWriter, name, value string, maxAge int) { func SetSiteCookie(resp http.ResponseWriter, name, value string, maxAge int) {
// Previous versions would use a cookie path with a trailing /.
// These are more specific than cookies without a trailing /, so
// we need to delete these if they exist.
deleteLegacySiteCookie(resp, name)
cookie := &http.Cookie{ cookie := &http.Cookie{
Name: name, Name: name,
Value: url.QueryEscape(value), Value: url.QueryEscape(value),
@ -46,10 +50,6 @@ func SetSiteCookie(resp http.ResponseWriter, name, value string, maxAge int) {
SameSite: setting.SessionConfig.SameSite, SameSite: setting.SessionConfig.SameSite,
} }
resp.Header().Add("Set-Cookie", cookie.String()) resp.Header().Add("Set-Cookie", cookie.String())
// Previous versions would use a cookie path with a trailing /.
// These are more specific than cookies without a trailing /, so
// we need to delete these if they exist.
deleteLegacySiteCookie(resp, name)
} }
// deleteLegacySiteCookie deletes the cookie with the given name at the cookie // deleteLegacySiteCookie deletes the cookie with the given name at the cookie