From 0d65dea8ef4d8e0afea7eabdfa644ebc3fd80651 Mon Sep 17 00:00:00 2001
From: orvice
Date: Fri, 14 Jan 2022 16:10:51 +0800
Subject: [PATCH] fix missing csrf cookie

---
 internal/server.go | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/internal/server.go b/internal/server.go
index c447d10..3cd1597 100644
--- a/internal/server.go
+++ b/internal/server.go
@@ -233,20 +233,15 @@ func (s *Server) authRedirect(logger *logrus.Entry, w http.ResponseWriter, r *ht
 		return
 	}
 
-	var setCsrfCookie = true
-	var csrf *http.Cookie
-	// Check for existing CSRF cookie
+	// clean existing CSRF cookie
 	for _, v := range r.Cookies() {
 		if strings.Contains(v.Name, config.CSRFCookieName) {
-			setCsrfCookie = false
+			http.SetCookie(w, ClearCSRFCookie(r, v))
 		}
 	}
-
-	if setCsrfCookie {
-		// Set the CSRF cookie
-		csrf := MakeCSRFCookie(r, nonce)
-		http.SetCookie(w, csrf)
-	}
+	// Set the CSRF cookie
+	csrf := MakeCSRFCookie(r, nonce)
+	http.SetCookie(w, csrf)
 
 	if !config.InsecureCookie && r.Header.Get("X-Forwarded-Proto") != "https" {
 		logger.Warn("You are using \"secure\" cookies for a request that was not " +
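Review bot: The `strings.Contains(v.Name, config.CSRFCookieName)` predicate now drives a destructive action (`http.SetCookie(w, ClearCSRFCookie(r, v))`) rather than a skip, so any cookie on the domain whose name merely contains the CSRF name is expired on every auth redirect; if the CSRF cookie is named by prefixing `config.CSRFCookieName`, `strings.HasPrefix(v.Name, config.CSRFCookieName)` is the tighter check, and an exact `==` if the name is fixed. Clearing every existing CSRF cookie before issuing the new one also means two login flows started in parallel (two tabs) cancel each other: the first tab's callback arrives without its cookie and should fail CSRF validation, which is a deliberate trade-off worth stating in the comment, e.g. `// Expire any stale CSRF cookies, then issue a fresh one bound to this nonce; concurrent flows in the same browser will be invalidated.` Whether the expiring cookie actually replaces the old one depends on `ClearCSRFCookie` reproducing the original Domain and Path, which this hunk does not show. `authRedirect` begins before and continues after the hunk.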