New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes deletion of splitted cookies - Issue #69 #70
Fixes deletion of splitted cookies - Issue #69 #70
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for submitting this, you make a very good point in #69, this is quite a critical bug!
I've added a couple of questions and thoughts on potential improvements, let me know what you think
Thanks for your comments. I'll change the code and update the PR. |
Hey, can I do anything to get this merged? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you could add a note to the Changelog then we can get this merged 😀 Thanks for the fix!
I'm done |
Hi @einfachchr, there's something kinda weird going on here, the diff now is pulling in loads of additional stuff and there's a mass of new commits from other PRs, any idea what happened? Could you rebase on top of our master branch picking only your commits and then force push again please? I think this should fix it |
@JoelSpeed I did a rebase of master. Maybe a bad idea? |
Co-Authored-By: einfachchr <einfachchr@gmail.com>
57c04db
to
eb2514c
Compare
@JoelSpeed I did a rebase and force push. Now it looks fine ;-) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's better!!! Thanks very much for the PR and the time you've spent responding to my feedback 😀
This pull requests changes how the cookies are deleted on logout. It changes how the cookie names are
determined.
If you have any questions / suggestions, I'd be glad to add these.
Description
For problem description see Issue #69.
ClearSessionCookie() is changed to search the request cookies for cookies set by this proxy (identified by
name prefix). For each of these a "reset cookie" is generated and set into the response header.
The change only affects the way the cookie names are determined.
Motivation and Context
Fixes Issue #69. A user cannot be logged out in case of splitted cookies.
How Has This Been Tested?
This is tested by unit tests (oauthproxy_test.go - TestClearSplittedCookie, TestClearNotSplittedCookie)
and this is running in our production environment.
Checklist: