Merge pull request #6 from vjacynycz/gcp-cookie-stratio

Clear extra cookies with same domain as session cookie

.gitignore

@@ -18,6 +18,7 @@ c.out
 _obj
 _test
 .idea/
+.vscode/
 
 # Architecture specific extensions/prefixes
 *.[568vq]

CHANGELOG.md

@@ -1,12 +1,15 @@
 # Changelog
 
-## 7.1.2-0.1.0 (upcoming)
+## 7.4.0-0.2.0 (upcoming)
 
-* Use new versioning schema
-* Adapt repo to new CICD
+## 7.1.2-0.1.1 (2023-02-01)
+
+* [EOS-10808] Clear extra cookies with same domain as session cookie
 
-## 7.1.2 (September 10, 2021)
+## 7.1.2-0.1.0 (2022-07-21)
 
+* Use new versioning schema
+* Adapt repo to new CICD
 * Bump alpine version to fix vulnerabilities
 * [EOS-5416] Make sis path configurable
 * [EOS-5112] Clear extra cookies whenever session cookie is removed

oauthproxy.go

@@ -460,18 +460,6 @@ func (p *OAuthProxy) makeCookie(req *http.Request, name string, value string, ex
 	}
 }
 
-func (p *OAuthProxy) makeExtraCookie(req *http.Request, name string, value string, expiration time.Duration, now time.Time) *http.Cookie {
-	return &http.Cookie{
-		Name:     name,
-		Value:    value,
-		Path:     p.CookiePath,
-		HttpOnly: p.CookieHTTPOnly,
-		Secure:   p.CookieSecure,
-		Expires:  now.Add(expiration),
-		SameSite: cookies.ParseSameSite(p.CookieSameSite),
-	}
-}
-
 // ClearCSRFCookie creates a cookie to unset the CSRF cookie stored in the user's
 // session
 func (p *OAuthProxy) ClearCSRFCookie(rw http.ResponseWriter, req *http.Request) {
@@ -503,7 +491,7 @@ func (p *OAuthProxy) ClearExtraCookies(rw http.ResponseWriter, req *http.Request
 			continue
 		}
 		logger.Printf("Extra cookie %s found in request: %#v", name, c)
-		http.SetCookie(rw, p.makeExtraCookie(req, c.Name, "", time.Hour*-1, time.Now()))
+		http.SetCookie(rw, p.makeCookie(req, c.Name, "", time.Hour*-1, time.Now()))
 	}
 }