mirror of
https://github.com/grafana/grafana.git
synced 2025-02-10 15:45:43 -06:00
Auth: Remove the session cookie only if it's invalid or revoked (#65984)
Remove the cookie if it's invalid or revoked
This commit is contained in:
parent
8e03badfa2
commit
4cac95d1c2
@ -481,8 +481,8 @@ func (h *ContextHandler) initContextWithToken(reqContext *contextmodel.ReqContex
|
||||
token, err := h.AuthTokenService.LookupToken(ctx, rawToken)
|
||||
if err != nil {
|
||||
reqContext.Logger.Warn("failed to look up session from cookie", "error", err)
|
||||
if errors.Is(err, auth.ErrUserTokenNotFound) || errors.Is(err, auth.ErrInvalidSessionToken) {
|
||||
// Burn the cookie in case of invalid, expired or missing token
|
||||
if errors.Is(err, auth.ErrInvalidSessionToken) {
|
||||
// Burn the cookie in case of invalid or revoked token
|
||||
reqContext.Resp.Before(h.deleteInvalidCookieEndOfRequestFunc(reqContext))
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user