From dd7d3bf738b7e51407d26e32ef19bf86fc46b213 Mon Sep 17 00:00:00 2001
From: Jens L
Date: Tue, 10 Oct 2023 12:17:35 +0200
Subject: [PATCH] providers/proxy: fix redis cookies missing strict path (#7135)
Signed-off-by: Jens Langhammer
---
 internal/outpost/proxyv2/application/session.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/internal/outpost/proxyv2/application/session.go b/internal/outpost/proxyv2/application/session.go
index 55d2bbb46..f89f0315a 100644
--- a/internal/outpost/proxyv2/application/session.go
+++ b/internal/outpost/proxyv2/application/session.go
@@ -50,6 +50,7 @@ func (a *Application) getStore(p api.ProxyOutpostConfig, externalHost *url.URL)
 Domain: *p.CookieDomain,
 SameSite: http.SameSiteLaxMode,
 MaxAge: maxAge,
+ Path: externalHost.Path,
 })
 a.log.Trace("using redis session backend")
@@ -66,11 +67,11 @@ func (a *Application) getStore(p api.ProxyOutpostConfig, externalHost *url.URL)
 // Note, when using the FilesystemStore only the session.ID is written to a browser cookie, so this is explicit for the storage on disk
 cs.MaxLength(math.MaxInt)
 cs.Options.HttpOnly = true
- if strings.ToLower(externalHost.Scheme) == "https" {
- cs.Options.Secure = true
- }
+ cs.Options.Secure = strings.ToLower(externalHost.Scheme) == "https"
 cs.Options.Domain = *p.CookieDomain
 cs.Options.SameSite = http.SameSiteLaxMode
+ cs.Options.MaxAge = maxAge
+ cs.Options.Path = externalHost.Path
 a.log.WithField("dir", dir).Trace("using filesystem session backend")
 return cs
 }
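Review bot: `Path: externalHost.Path` is an empty string whenever the configured external host has no path component (a bare `https://host`, for instance), and net/http leaves the Path attribute out for an empty value, so the browser then scopes the session cookie to the directory of whichever URL set it instead of to the application root. The same assignment in the second hunk (`cs.Options.Path = externalHost.Path`) also overwrites whatever Path the filesystem store was constructed with. Normalising once before either store is configured would cover both, e.g. `path := externalHost.Path` followed by `if path == "" { path = "/" }`, then using `path` in both places. getStore begins and ends outside this hunk, so an earlier normalisation of externalHost would not be visible here.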
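Review bot: Assigning `cs.Options.MaxAge = maxAge` only changes the Max-Age attribute sent to the browser; if `cs` is gorilla's `*sessions.FilesystemStore` created with key pairs (the constructor is outside the hunk), its securecookie codecs keep their own expiry window, so the server may go on accepting a session cookie past the lifetime the browser was given. The store's own `cs.MaxAge(maxAge)` sets both the option and the codec limit and looks like the safer call here. A `maxAge` of 0 turns the codec's age check off entirely, so that case needs a deliberate decision. As a smaller style point, `strings.EqualFold(externalHost.Scheme, "https")` states the scheme comparison without building a lowered copy.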