apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Auth: Remove the session cookie only if it's invalid or revoked (#65984)

Browse Source 
Remove the cookie if it's invalid or revoked
pull/66442/head
Misi 2 years ago committed by GitHub
parent 8e03badfa2
commit 4cac95d1c2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      pkg/services/contexthandler/contexthandler.go

4
pkg/services/contexthandler/contexthandler.go
Unescape View File

@ -481,8 +481,8 @@ func (h *ContextHandler) initContextWithToken(reqContext *contextmodel.ReqContex
token, err := h.AuthTokenService.LookupToken(ctx, rawToken)
if err != nil {
reqContext.Logger.Warn("failed to look up session from cookie", "error", err)
if errors.Is(err, auth.ErrUserTokenNotFound) || errors.Is(err, auth.ErrInvalidSessionToken) {
// Burn the cookie in case of invalid, expired or missing token
if errors.Is(err, auth.ErrInvalidSessionToken) {
// Burn the cookie in case of invalid or revoked token
reqContext.Resp.Before(h.deleteInvalidCookieEndOfRequestFunc(reqContext))
}

Write Preview
Loading…
Cancel
Save