From 806db7c0e2fa7645bbd89ac1d8f9aa3ecf95a8b8 Mon Sep 17 00:00:00 2001
From: Cam Saul <cammsaul@gmail.com>
Date: Mon, 8 Apr 2019 12:28:18 -0700
Subject: [PATCH] Remove Path= directive from Set-Cookie; breaks non-root
 mounting :wrench:

---
 src/metabase/middleware/session.clj | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/metabase/middleware/session.clj b/src/metabase/middleware/session.clj
index 9ccb9fc5bde..640f41499a6 100644
--- a/src/metabase/middleware/session.clj
+++ b/src/metabase/middleware/session.clj
@@ -83,7 +83,6 @@
        (merge
         {:same-site :lax
          :http-only true
-         :path      "/api"
          :max-age   (config/config-int :max-session-age)}
         ;; If the authentication request request was made over HTTPS (hopefully always except for local dev instances)
         ;; add `Secure` attribute so the cookie is only sent over HTTPS.
-- 
GitLab