Merge pull request #9719 from metabase/dont-include-path-in-set-cookie-header

Remove Path= directive from Set-Cookie; breaks non-root mounting

Merge pull request #9719 from metabase/dont-include-path-in-set-cookie-header
5f5c7d1f · Cam Saul · GitHub · 60f3c439 · 806db7c0 · 5f5c7d1f
Unverified Commit 5f5c7d1f authored 5 years ago by Cam Saul Committed by GitHub 5 years ago
--- a/src/metabase/middleware/session.clj
+++ b/src/metabase/middleware/session.clj
@@ -83,7 +83,6 @@
       (merge
        {:same-site :lax
         :http-only true
-         :path      "/api"
         :max-age   (config/config-int :max-session-age)}
        ;; If the authentication request request was made over HTTPS (hopefully always except for local dev instances)
        ;; add `Secure` attribute so the cookie is only sent over HTTPS.