Previously cookie path was set to Path="/api", this was a performance improvement to tell the browser to send the cookie only to request with that prefix, however also consume endpoints on Path="/ws", since rfc6265 doesnt support multiple paths or regular expressions in the path field of a cookie we are back to use Path="/" which means send the cookie to all request under the current domain. Co-authored-by: Daniel Valdivia <hola@danielvaldivia.com>
This commit is contained in:
Lenin Alevski
GitHub
@@ -109,7 +109,7 @@ func NewSessionCookieForConsole(token string) http.Cookie {
|
|||||||
expiration := time.Now().Add(SessionDuration)
|
expiration := time.Now().Add(SessionDuration)
|
||||||
|
|
||||||
return http.Cookie{
|
return http.Cookie{
|
||||||
Path: "/api", // browser will send cookie only for HTTP request under api path
|
Path: "/",
|
||||||
Name: "token",
|
Name: "token",
|
||||||
Value: token,
|
Value: token,
|
||||||
MaxAge: int(SessionDuration.Seconds()), // 45 minutes
|
MaxAge: int(SessionDuration.Seconds()), // 45 minutes
|
||||||
@@ -125,7 +125,7 @@ func NewSessionCookieForConsole(token string) http.Cookie {
|
|||||||
|
|
||||||
func ExpireSessionCookie() http.Cookie {
|
func ExpireSessionCookie() http.Cookie {
|
||||||
return http.Cookie{
|
return http.Cookie{
|
||||||
Path: "/api", // browser will send cookie only for HTTP request under api path
|
Path: "/",
|
||||||
Name: "token",
|
Name: "token",
|
||||||
Value: "",
|
Value: "",
|
||||||
MaxAge: -1,
|
MaxAge: -1,
|
||||||
|
|||||||
Reference in New Issue
Block a user