File tree Expand file tree Collapse file tree 1 file changed +19
-1
lines changed Expand file tree Collapse file tree 1 file changed +19
-1
lines changed Original file line number Diff line number Diff line change @@ -1018,9 +1018,27 @@ func (api *API) postLogout(rw http.ResponseWriter, r *http.Request) {
10181018 }
10191019 http .SetCookie (rw , cookie )
10201020
1021+ // This code should be removed after Jan 1 2023.
1022+ // This code logs out of the old session cookie before we renamed it
1023+ // if it is a valid coder token. Otherwise, this old cookie hangs around
1024+ // and we never log out of the user.
1025+ oldCookie , err := r .Cookie ("session_token" )
1026+ if err == nil && oldCookie != nil {
1027+ _ , _ , err := httpmw .SplitAPIToken (oldCookie .Value )
1028+ if err == nil {
1029+ cookie := & http.Cookie {
1030+ // MaxAge < 0 means to delete the cookie now.
1031+ MaxAge : - 1 ,
1032+ Name : "session_token" ,
1033+ Path : "/" ,
1034+ }
1035+ http .SetCookie (rw , cookie )
1036+ }
1037+ }
1038+
10211039 // Delete the session token from database.
10221040 apiKey := httpmw .APIKey (r )
1023- err : =api .Database .DeleteAPIKeyByID (ctx , apiKey .ID )
1041+ err = api .Database .DeleteAPIKeyByID (ctx , apiKey .ID )
10241042 if err != nil {
10251043 httpapi .Write (ctx , rw , http .StatusInternalServerError , codersdk.Response {
10261044 Message : "Internal error deleting API key." ,
You can’t perform that action at this time.
0 commit comments