diff --git a/endpoints/publicProxy/http.go b/endpoints/publicProxy/http.go index 5ba87a0f..7f74b1dd 100644 --- a/endpoints/publicProxy/http.go +++ b/endpoints/publicProxy/http.go @@ -157,6 +157,7 @@ func authHandler(handler http.Handler, pcfg *Config, key []byte, ctx ziti.Contex switch scheme { case string(sdk.None): logrus.Debugf("auth scheme none '%v'", shrToken) + deleteCookie(w, r) handler.ServeHTTP(w, r) return @@ -202,6 +203,7 @@ func authHandler(handler http.Handler, pcfg *Config, key []byte, ctx ziti.Contex return } + deleteCookie(w, r) handler.ServeHTTP(w, r) case string(sdk.Oauth): @@ -360,6 +362,14 @@ func SetZrokCookie(w http.ResponseWriter, cookieDomain, email, accessToken, prov }) } +func deleteCookie(w http.ResponseWriter, r *http.Request) { + cookie, err := r.Cookie("zrok-access") + if err == nil { + cookie.MaxAge = -1 + http.SetCookie(w, cookie) + } +} + func basicAuthRequired(w http.ResponseWriter, realm string) { w.Header().Set("WWW-Authenticate", `Basic realm="`+realm+`"`) w.WriteHeader(401)