Posted to commits@couchdb.apache.org by rn...@apache.org on 2021/12/09 19:15:14 UTC

[couchdb] 01/01: Add SameSite setting when clearing session cookie (2)

This is an automated email from the ASF dual-hosted git repository.

rnewson pushed a commit to branch delete-session-cookie-samesite-2-3.x
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit c12f0a723cc213679bb90cd263b1187b153627d9
Author: Robert Newson <rn...@apache.org>
AuthorDate: Thu Dec 9 19:14:35 2021 +0000

    Add SameSite setting when clearing session cookie (2)
    
    I missed a case.
---
 src/couch/src/couch_httpd_auth.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index 757f055..b404480 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -447,7 +447,7 @@ handle_session_req(#httpd{method = 'POST', mochi_req = MochiReq} = Req, AuthModu
             authentication_warning(Req, UserName),
             % clear the session
             Cookie = mochiweb_cookies:cookie(
-                "AuthSession", "", [{path, "/"}] ++ cookie_scheme(Req)
+                "AuthSession", "", [{path, "/"}] ++ cookie_scheme(Req) ++ same_site()
             ),
             {Code, Headers} =
                 case couch_httpd:qs_value(Req, "fail", nil) of
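Review bot: The option list on the changed `mochiweb_cookies:cookie(` call in the failed-login branch of `handle_session_req` is still assembled inline, and the commit message says this site was missed the first time for that reason. Consider a small helper that builds the clearing cookie, so that `[{path, "/"}] ++ cookie_scheme(Req) ++ same_site()` lives in one place and every call site that clears `AuthSession` picks up later attribute changes together. The diffstat shows only `couch_httpd_auth.erl` changed, so nothing here checks the result. A test that posts bad credentials and asserts the `Set-Cookie` header for the emptied `AuthSession` carries the configured SameSite attribute would keep this branch from regressing. Separately, the visible options clear the cookie by empty value only, with no explicit expiry in the list. If that is intentional, a short comment next to `% clear the session` would say so.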