remove maxage from session token

2025-08-01 05:01:50 +08:00 · 2019-01-17 21:03:27 +01:00
parent 81879f0162
commit fd937e3d95
2 changed files with 7 additions and 9 deletions
--- a/pkg/middleware/middleware.go
+++ b/pkg/middleware/middleware.go
@ -4,7 +4,6 @@ import (
 	"net/http"
 	"net/url"
 	"strconv"
 	"time"
 	"github.com/grafana/grafana/pkg/bus"
 	"github.com/grafana/grafana/pkg/components/apikeygen"
@ -71,15 +70,14 @@ func GetContextHandler(ats *auth.UserAuthTokenService) macaron.Handler {
 		if rotated {
 			ctx.Logger.Info("new token", "unhashed token", ctx.UserToken.UnhashedToken)
-			//c.SetCookie("grafana_session", url.QueryEscape(ctx.UserToken.UnhashedToken), nil, setting.AppSubUrl+"/", setting.Domain, false, true)
+			ctx.Resp.Header().Del("Set-Cookie")
 			// ctx.Resp.Header().Del("Set-Cookie")
 			cookie := http.Cookie{
 				Name:     "grafana_session",
 				Value:    url.QueryEscape(ctx.UserToken.UnhashedToken),
 				HttpOnly: true,
-				MaxAge:   int(time.Minute * 10),
+				//MaxAge:   600,
-				Domain:   setting.Domain,
+				Domain: setting.Domain,
-				Path:     setting.AppSubUrl + "/",
+				Path:   setting.AppSubUrl + "/",
 			}
 			ctx.Resp.Header().Add("Set-Cookie", cookie.String())
--- a/pkg/services/auth/auth_token.go
+++ b/pkg/services/auth/auth_token.go
@ -46,9 +46,9 @@ func (s *UserAuthTokenService) UserAuthenticatedHook(user *models.User, c *model
 		Name:     sessionCookieKey,
 		Value:    url.QueryEscape(userToken.UnhashedToken),
 		HttpOnly: true,
-		MaxAge:   int(time.Minute * 10),
+		//MaxAge:   600,
-		Domain:   setting.Domain,
+		Domain: setting.Domain,
-		Path:     setting.AppSubUrl + "/",
+		Path:   setting.AppSubUrl + "/",
 	}
 	c.Resp.Header().Add("Set-Cookie", cookie.String())