From 44398e405ffe297997c6b9c8dbb97f966926b65a Mon Sep 17 00:00:00 2001
From: wxiaoguang <wxiaoguang@gmail.com>
Date: Sun, 3 Mar 2024 08:14:12 +0800
Subject: [PATCH] Fix incorrect cookie path for AppSubURL (#29534)

Regression of #24107
---
 modules/setting/session.go   | 7 +++++--
 routers/common/middleware.go | 1 +
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/modules/setting/session.go b/modules/setting/session.go
index 8b9b754b38..70497e5eaa 100644
--- a/modules/setting/session.go
+++ b/modules/setting/session.go
@@ -20,7 +20,7 @@ var SessionConfig = struct {
 	ProviderConfig string
 	// Cookie name to save session ID. Default is "MacaronSession".
 	CookieName string
-	// Cookie path to store. Default is "/". HINT: there was a bug, the old value doesn't have trailing slash, and could be empty "".
+	// Cookie path to store. Default is "/".
 	CookiePath string
 	// GC interval time in seconds. Default is 3600.
 	Gclifetime int64
@@ -49,7 +49,10 @@ func loadSessionFrom(rootCfg ConfigProvider) {
 		fatalDuplicatedPath("session", SessionConfig.ProviderConfig)
 	}
 	SessionConfig.CookieName = sec.Key("COOKIE_NAME").MustString("i_like_gitea")
-	SessionConfig.CookiePath = AppSubURL + "/" // there was a bug, old code only set CookePath=AppSubURL, no trailing slash
+	SessionConfig.CookiePath = AppSubURL
+	if SessionConfig.CookiePath == "" {
+		SessionConfig.CookiePath = "/"
+	}
 	SessionConfig.Secure = sec.Key("COOKIE_SECURE").MustBool(strings.HasPrefix(strings.ToLower(AppURL), "https://"))
 	SessionConfig.Gclifetime = sec.Key("GC_INTERVAL_TIME").MustInt64(86400)
 	SessionConfig.Maxlifetime = sec.Key("SESSION_LIFE_TIME").MustInt64(86400)
diff --git a/routers/common/middleware.go b/routers/common/middleware.go
index 1ee4c629ad..c7c75fb099 100644
--- a/routers/common/middleware.go
+++ b/routers/common/middleware.go
@@ -38,6 +38,7 @@ func ProtocolMiddlewares() (handlers []any) {
 		})
 	})
 
+	// wrap the request and response, use the process context and add it to the process manager
 	handlers = append(handlers, func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
 			ctx, _, finished := process.GetManager().AddTypedContext(req.Context(), fmt.Sprintf("%s: %s", req.Method, req.RequestURI), process.RequestProcessType, true)