Clear password when redirecting to login

Should prevent endless redirects when the cookie is set on a different path or domain (like with a dot prefix).
2019-11-07 12:38:10 -05:00 · 2019-11-07 12:38:10 -05:00 · 727ac6483b
commit 727ac6483b
parent 2c15c09fc0
1 changed files with 4 additions and 1 deletions
--- a/src/node/server.ts
+++ b/src/node/server.ts
@ -298,7 +298,10 @@ export abstract class Server {
 						return response;
 				}
 				if (!this.authenticate(request)) {
-					return { redirect: "/login" };
+					return { 
+			   			redirect: "/login",
+			   			headers: { "Set-Cookie": `password=` }
+			   		};
 				}
 				break;
 			case "/static":