2
0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-26 11:30:23 +00:00

Remove 'path' condition for session cookie

The cookie had an unnecessary limitation.  path need not be specified,
and it is possible for a client to request in a way that fails the criteria.
This commit is contained in:
Jarrod Johnson 2016-10-21 09:56:14 -04:00
parent 7f9394b33a
commit 0ad4ae90c9

View File

@ -290,7 +290,6 @@ def _authorize_request(env, operation):
cookie['confluentsessionid'] = sessid
cookie['confluentsessionid']['secure'] = 1
cookie['confluentsessionid']['httponly'] = 1
cookie['confluentsessionid']['path'] = '/'
skiplog = _should_skip_authlog(env)
if authdata:
auditmsg = {