Skip to content

Commit

Permalink
set cookie domain when clearing request tracker cookie (#321)
Browse files Browse the repository at this point in the history
crewjam authored Dec 14, 2020

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent 9ce1492 commit 3bb7a4b
Showing 2 changed files with 2 additions and 1 deletion.
2 changes: 1 addition & 1 deletion samlsp/middleware_test.go
Original file line number Diff line number Diff line change
@@ -501,7 +501,7 @@ func TestMiddlewareCanParseResponse(t *testing.T) {

assert.Equal(t, "/frob", resp.Header().Get("Location"))
assert.Equal(t, []string{
"saml_KCosLjAyNDY4Ojw-QEJERkhKTE5QUlRWWFpcXmBiZGZoamxucHJ0dnh6=; Expires=Thu, 01 Jan 1970 00:00:01 GMT",
"saml_KCosLjAyNDY4Ojw-QEJERkhKTE5QUlRWWFpcXmBiZGZoamxucHJ0dnh6=; Domain=15661444.ngrok.io; Expires=Thu, 01 Jan 1970 00:00:01 GMT",
"ttt=" + test.expectedSessionCookie + "; " +
"Path=/; Domain=15661444.ngrok.io; Max-Age=7200; HttpOnly; Secure"},
resp.Header()["Set-Cookie"])
1 change: 1 addition & 0 deletions samlsp/request_tracker_cookie.go
Original file line number Diff line number Diff line change
@@ -56,6 +56,7 @@ func (t CookieRequestTracker) StopTrackingRequest(w http.ResponseWriter, r *http
return err
}
cookie.Value = ""
cookie.Domain = t.ServiceProvider.AcsURL.Hostname()
cookie.Expires = time.Unix(1, 0) // past time as close to epoch as possible, but not zero time.Time{}
http.SetCookie(w, cookie)
return nil

0 comments on commit 3bb7a4b

Please sign in to comment.