Remove 'path' condition for session cookie

The cookie had an unnecessary limitation. path need not be specified, and it is possible for a client to request in a way that fails the criteria.
2025-08-24 12:10:26 +00:00 · 2016-10-21 09:56:14 -04:00
parent 7f9394b33a
commit 0ad4ae90c9
1 changed files with 0 additions and 1 deletions
--- a/confluent_server/confluent/httpapi.py
+++ b/confluent_server/confluent/httpapi.py
@@ -290,7 +290,6 @@ def _authorize_request(env, operation):
        cookie['confluentsessionid'] = sessid
        cookie['confluentsessionid']['secure'] = 1
        cookie['confluentsessionid']['httponly'] = 1
-        cookie['confluentsessionid']['path'] = '/'
    skiplog = _should_skip_authlog(env)
    if authdata:
        auditmsg = {