Make cookie path configurable

Fixes: #31 Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
puiterwijk · Sep 27, 2017 · b88013e · b88013e
1 parent 506ef55
commit b88013e
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/docs/index.rst b/docs/index.rst
@@ -181,6 +181,9 @@ This is a list of all settings supported in the current release.
     Name of the cookie used to store the users' login state. Defaults to
     "oidc_id_token".
 
+  OIDC_ID_TOKEN_COOKIE_PATH
+    Path under which the login state cookie is stored. Defaults to "/".
+
   OIDC_ID_TOKEN_COOKIE_TTL
     Integer telling how long the login state of the user remains valid.
     Defaults to 7 days.

diff --git a/flask_oidc/__init__.py b/flask_oidc/__init__.py
@@ -135,6 +135,7 @@ def init_app(self, app):
         app.config.setdefault('OIDC_SCOPES', ['openid', 'email'])
         app.config.setdefault('OIDC_GOOGLE_APPS_DOMAIN', None)
         app.config.setdefault('OIDC_ID_TOKEN_COOKIE_NAME', 'oidc_id_token')
+        app.config.setdefault('OIDC_ID_TOKEN_COOKIE_PATH', '/')
         app.config.setdefault('OIDC_ID_TOKEN_COOKIE_TTL', 7 * 86400)  # 7 days
         # should ONLY be turned off for local debugging
         app.config.setdefault('OIDC_COOKIE_SECURE', True)
@@ -354,6 +355,7 @@ def _after_request(self, response):
                 response.set_cookie(
                     current_app.config['OIDC_ID_TOKEN_COOKIE_NAME'],
                     '',
+                    path=current_app.config['OIDC_ID_TOKEN_COOKIE_PATH'],
                     secure=cookie_secure,
                     httponly=True,
                     expires=0)