FIX: add path to cookies so sessions on the same domain but different subfolders don't log each other out

2025-09-05 08:59:27 +08:00 · 2017-06-20 13:30:36 -04:00 · 2017-06-20 13:30:36 -04:00 · 1716747810
commit 1716747810
parent 482365b943
2 changed files with 14 additions and 1 deletions
--- a/lib/auth/default_current_user_provider.rb
+++ b/lib/auth/default_current_user_provider.rb
@ -159,7 +159,8 @@ class Auth::DefaultCurrentUserProvider
      value: unhashed_auth_token,
      httponly: true,
      expires: SiteSetting.maximum_session_age.hours.from_now,
-      secure: SiteSetting.force_https
+      secure: SiteSetting.force_https,
+      path: GlobalSetting.relative_url_root.nil? ? '/' : GlobalSetting.relative_url_root
    }

    if SiteSetting.same_site_cookies != "Disabled"