sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: clear legacy admin_token cookie with path=/ on logout

Browse Source 
Users who logged in before the path isolation change (path=/ to path=/admin)
may have stale cookies that cause authentication conflicts. This fix ensures
both the old path=/ and new path=/admin cookies are cleared on logout.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Samir Boulahtit
2026-01-23 18:59:17 +01:00
parent dca52d004e
commit 8662fcd6da
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/api/v1/admin/auth.py
View File

@@ -113,6 +113,13 @@ def admin_logout(response: Response):
path="/admin", path="/admin",
) )
logger.debug("Deleted admin_token cookie") # Also clear legacy cookie with path=/ (from before path isolation was added)
# This handles users who logged in before the path=/admin change
response.delete_cookie(
key="admin_token",
path="/",
)
logger.debug("Deleted admin_token cookies (both /admin and / paths)")
return LogoutResponse(message="Logged out successfully") return LogoutResponse(message="Logged out successfully")