

Don't include the port with the domain when setting the cookie (#202)
digininja authored and crewjam committed May 21, 2019
1 parent ca21de9 commit 344d075
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion samlsp/cookie.go
@@ -1,6 +1,7 @@
package samlsp

import (
"net"
"net/http"
"strings"
"time"
@@ -81,9 +82,14 @@ func (c ClientCookies) DeleteState(w http.ResponseWriter, r *http.Request, id st

// SetToken assigns the specified token by setting a cookie.
func (c ClientCookies) SetToken(w http.ResponseWriter, r *http.Request, value string, maxAge time.Duration) {
// Cookies should not have the port attached to them so strip it off
domain := c.Domain
if strings.Contains(domain, ":") {
domain, _, _ = net.SplitHostPort(domain)
}
http.SetCookie(w, &http.Cookie{
Name: c.Name,
Domain: c.Domain,
Domain: domain,
Value: value,
MaxAge: int(maxAge.Seconds()),
HttpOnly: true,
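Review bot: The error from `net.SplitHostPort` is discarded in `domain, _, _ = net.SplitHostPort(domain)`, so a configured domain that contains a colon but is not a valid host:port pair leaves `domain` empty, and the session cookie is then issued with no Domain attribute without any indication. Keeping the original value on failure makes the behaviour explicit: `if host, _, err := net.SplitHostPort(domain); err == nil { domain = host }`. The other cookie writers in this file are outside the hunk (only `DeleteState` shows in the hunk header); if they still pass `c.Domain` unchanged, a cookie meant to clear the token may be scoped differently from the one set here and leave the session token in the browser, so it is worth checking that they apply the same stripping. The body of `SetToken` continues past the end of the hunk.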
