fix: show login page on broken session cookie (#2605)

* fix: redirect on invalid cookie * docs: update changelog * chore: remove duplicated code * fix: status code handling if wrong http method is used --------- Signed-off-by: Jan Larwig <jan@larwig.com> Co-authored-by: Jan Larwig <jan@larwig.com>
2025-08-06 22:42:56 +02:00 · 2025-07-20 17:17:24 +02:00
parent b57c82181d
commit 5e7f14bdcb
2 changed files with 5 additions and 6 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -9,6 +9,7 @@
 ## Changes since v7.10.0

 - [#2615](https://github.com/oauth2-proxy/oauth2-proxy/pull/2615) feat(cookies): add option to set a limit on the number of per-request CSRF cookies oauth2-proxy sets (@bh-tt)
+- [#2605](https://github.com/oauth2-proxy/oauth2-proxy/pull/2605) fix: show login page on broken cookie (@Primexz)

 # V7.10.0

--- a/oauthproxy.go
+++ b/oauthproxy.go
@ -633,12 +633,6 @@ func (p *OAuthProxy) isTrustedIP(req *http.Request) bool {
 // SignInPage writes the sign in template to the response
 func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code int) {
 	prepareNoCache(rw)
-	err := p.ClearSessionCookie(rw, req)
-	if err != nil {
-		logger.Printf("Error clearing session cookie: %v", err)
-		p.ErrorPage(rw, req, http.StatusInternalServerError, err.Error())
-		return
-	}
 	rw.WriteHeader(code)

 	redirectURL, err := p.appDirector.GetRedirect(req)
@ -652,6 +646,10 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
 		redirectURL = "/"
 	}

+	if err := p.ClearSessionCookie(rw, req); err != nil {
+		logger.Printf("Error clearing session cookie: %v", err)
+	}
+
 	p.pageWriter.WriteSignInPage(rw, req, redirectURL, code)
 }