From 3b4405aecec0f78e9219a2a2c76f248f680fbc69 Mon Sep 17 00:00:00 2001 From: Giteabot Date: Tue, 11 Jun 2024 13:57:51 +0800 Subject: [PATCH] Delete legacy cookie before setting new cookie (#31306) (#31317) Backport #31306 by wxiaoguang Co-authored-by: wxiaoguang (cherry picked from commit 3fcf865a4bef6f73149984090304f3d64af2a0e1) --- modules/web/middleware/cookie.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/web/middleware/cookie.go b/modules/web/middleware/cookie.go index ec6b06f993..f2d25f5b1c 100644 --- a/modules/web/middleware/cookie.go +++ b/modules/web/middleware/cookie.go @@ -35,6 +35,10 @@ func GetSiteCookie(req *http.Request, name string) string { // SetSiteCookie returns given cookie value from request header. func SetSiteCookie(resp http.ResponseWriter, name, value string, maxAge int) { + // Previous versions would use a cookie path with a trailing /. + // These are more specific than cookies without a trailing /, so + // we need to delete these if they exist. + deleteLegacySiteCookie(resp, name) cookie := &http.Cookie{ Name: name, Value: url.QueryEscape(value), @@ -46,10 +50,6 @@ func SetSiteCookie(resp http.ResponseWriter, name, value string, maxAge int) { SameSite: setting.SessionConfig.SameSite, } resp.Header().Add("Set-Cookie", cookie.String()) - // Previous versions would use a cookie path with a trailing /. - // These are more specific than cookies without a trailing /, so - // we need to delete these if they exist. - deleteLegacySiteCookie(resp, name) } // deleteLegacySiteCookie deletes the cookie with the given name at the cookie