Skip to content

Commit

Permalink
set cookie domain when clearing request tracker cookie
Browse files Browse the repository at this point in the history
  • Loading branch information
@crewjam
crewjam committed Dec 14, 2020
1 parent 6013850 commit acec889
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 1 deletion.
2 changes: 1 addition & 1 deletion samlsp/middleware_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -501,7 +501,7 @@ func TestMiddlewareCanParseResponse(t *testing.T) {

assert.Equal(t, "/frob", resp.Header().Get("Location"))
assert.Equal(t, []string{
"saml_KCosLjAyNDY4Ojw-QEJERkhKTE5QUlRWWFpcXmBiZGZoamxucHJ0dnh6=; Expires=Thu, 01 Jan 1970 00:00:01 GMT",
"saml_KCosLjAyNDY4Ojw-QEJERkhKTE5QUlRWWFpcXmBiZGZoamxucHJ0dnh6=; Domain=15661444.ngrok.io; Expires=Thu, 01 Jan 1970 00:00:01 GMT",
"ttt=" + test.expectedSessionCookie + "; " +
"Path=/; Domain=15661444.ngrok.io; Max-Age=7200; HttpOnly; Secure"},
resp.Header()["Set-Cookie"])
Expand Down
1 change: 1 addition & 0 deletions samlsp/request_tracker_cookie.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,7 @@ func (t CookieRequestTracker) StopTrackingRequest(w http.ResponseWriter, r *http
return err
}
cookie.Value = ""
cookie.Domain = t.ServiceProvider.AcsURL.Host
cookie.Expires = time.Unix(1, 0) // past time as close to epoch as possible, but not zero time.Time{}
http.SetCookie(w, cookie)
return nil
Expand Down

0 comments on commit acec889

Please sign in to comment.