fix: inform services and controllers if subdomain cookie domain is enabled

2026-05-08 21:38:13 +00:00 · 2026-04-29 15:49:45 +03:00
parent d90e3d652d
commit 44a7cbf41b
3 changed files with 22 additions and 5 deletions
@@ -78,6 +78,7 @@ type AuthServiceConfig struct {
 	SessionCookieName  string
 	IP                 config.IPConfig
 	LDAPGroupsCacheTTL int
+	SubdomainsEnabled  bool
 }

 type AuthService struct {
@@ -327,7 +328,7 @@ func (auth *AuthService) CreateSessionCookie(c *gin.Context, data *repository.Se
 		return err
 	}

-	c.SetCookie(auth.config.SessionCookieName, session.UUID, expiry, "/", fmt.Sprintf(".%s", auth.config.CookieDomain), auth.config.SecureCookie, true)
+	c.SetCookie(auth.config.SessionCookieName, session.UUID, expiry, "/", auth.getCookieDomain(), auth.config.SecureCookie, true)

 	return nil
 }
@@ -378,7 +379,7 @@ func (auth *AuthService) RefreshSessionCookie(c *gin.Context) error {
 		return err
 	}

-	c.SetCookie(auth.config.SessionCookieName, cookie, int(newExpiry-currentTime), "/", fmt.Sprintf(".%s", auth.config.CookieDomain), auth.config.SecureCookie, true)
+	c.SetCookie(auth.config.SessionCookieName, cookie, int(newExpiry-currentTime), "/", auth.getCookieDomain(), auth.config.SecureCookie, true)
 	tlog.App.Trace().Str("username", session.Username).Msg("Session cookie refreshed")

 	return nil
@@ -397,7 +398,7 @@ func (auth *AuthService) DeleteSessionCookie(c *gin.Context) error {
 		return err
 	}

-	c.SetCookie(auth.config.SessionCookieName, "", -1, "/", fmt.Sprintf(".%s", auth.config.CookieDomain), auth.config.SecureCookie, true)
+	c.SetCookie(auth.config.SessionCookieName, "", -1, "/", auth.getCookieDomain(), auth.config.SecureCookie, true)

 	return nil
 }
@@ -834,3 +835,10 @@ func (auth *AuthService) ClearRateLimitsTestingOnly() {
 	}
 	auth.loginMutex.Unlock()
 }
+
+func (auth *AuthService) getCookieDomain() string {
+	if auth.config.SubdomainsEnabled {
+		return "." + auth.config.CookieDomain
+	}
+	return auth.config.CookieDomain
+}