From d0642bfa55e9c24429675f623bc0e35824bc9fb0 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 16 Feb 2017 13:29:10 -0500 Subject: [PATCH] Deduplicate session cookies in headers This removes one of the 2 identical copies of the ipa_session cookie Fixes https://fedorahosted.org/freeipa/ticket/6676 Signed-off-by: Simo Sorce Reviewed-By: Alexander Bokovoy --- install/conf/ipa.conf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index f0330c544..635bfe5c6 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -79,6 +79,11 @@ WSGIScriptReloading Off WSGIApplicationGroup ipa Header always append X-Frame-Options DENY Header always append Content-Security-Policy "frame-ancestors 'none'" + + # mod_session always sets two copies of the cookie, and this confuses our + # legacy clients, the unset here works because it ends up unsetting only one + # of the 2 header tables set by mod_session, leaving the other intact + Header unset Set-Cookie # Target for login with internal connections
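Review bot: The added `Header unset Set-Cookie` in install/conf/ipa.conf is not scoped to the ipa_session cookie, and it only works through the side effect the comment describes, so it needs a guard or at least a more explicit comment. As written, without `always`, mod_headers acts on the normal (onsuccess) response header table and removes every Set-Cookie value in that table, so any other cookie the WSGI application sets through it on these responses is silently dropped as well. The comment should state that omitting `always` is deliberate, in contrast to the two `Header always append` lines directly above, so that a later cleanup does not "fix" it into `Header always unset Set-Cookie` and strip the surviving copy. The change also depends on mod_session continuing to write the cookie into both tables: if a future mod_session emits it only once and into the table this directive clears, the session cookie disappears entirely and logins break. Noting the mod_session behaviour this was tested against, and adding a test that asserts exactly one ipa_session Set-Cookie header on a login response, would catch that regression.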