fix #1877

kataras · Apr 23, 2022 · 3b95c85 · 3b95c85
1 parent 677ddd7
commit 3b95c85
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 3 deletions.
diff --git a/context/context.go b/context/context.go
@@ -5498,19 +5498,31 @@ func (ctx *Context) UpsertCookie(cookie *http.Cookie, options ...CookieOption) b
 	ctx.applyCookieOptions(cookie, OpCookieSet, options)
 
 	header := ctx.ResponseWriter().Header()
-
 	if cookies := header[setCookieHeaderKey]; len(cookies) > 0 {
 		s := cookie.Name + "=" // name=?value
+
+		existingUpdated := false
+
 		for i, c := range cookies {
 			if strings.HasPrefix(c, s) {
+				if existingUpdated { // fixes #1877
+					// remove any duplicated.
+					cookies[i] = ""
+					header[setCookieHeaderKey] = cookies
+					continue
+				}
 				// We need to update the Set-Cookie (to update the expiration or any other cookie's properties).
 				// Probably the cookie is set and then updated in the first session creation
 				// (e.g. UpdateExpiration, see https://github.com/kataras/iris/issues/1485).
 				cookies[i] = cookie.String()
 				header[setCookieHeaderKey] = cookies
-				return false
+				existingUpdated = true
 			}
 		}
+
+		if existingUpdated {
+			return false // existing one updated.
+		}
 	}
 
 	header.Add(setCookieHeaderKey, cookie.String())

diff --git a/sessions/sessions.go b/sessions/sessions.go
@@ -268,7 +268,7 @@ func (s *Sessions) Destroy(ctx *context.Context) {
 
 	ctx.Values().Remove(sessionContextKey)
 
-	ctx.RemoveCookie(s.config.Cookie)
+	ctx.RemoveCookie(s.config.Cookie, s.cookieOptions...)
 	s.provider.Destroy(cookieValue)
 }