From 84a16dd6c14e0a8f64b94dfd86e58746661f2ab6 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Paul=20H=C3=A4nsch?= Date: Wed, 29 Sep 2021 12:34:51 +0200 Subject: [PATCH] unambiguous cookie path when destroying user session --- users.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/users.sh b/users.sh index 1959e9d..b784ec7 100755 --- a/users.sh +++ b/users.sh @@ -226,8 +226,8 @@ user_logout(){ # destroy cookie, destroy session # keep device cookie new_session - SET_COOKIE 0 session="" - SET_COOKIE 0 user_id="" + SESSION_COOKIE new + SET_COOKIE 0 user_id="" Path="/${_BASE#/}" SameSite=Strict HttpOnly REDIRECT "${_BASE}${PATH_INFO}#USER_LOGGED_OUT" } -- 2.39.2