diff --git a/web/assets/js/langs.js b/web/assets/js/langs.js
index af9eadb1..7782d0df 100644
--- a/web/assets/js/langs.js
+++ b/web/assets/js/langs.js
@@ -34,13 +34,13 @@ function getLang() {
 lang = window.navigator.language || window.navigator.userLanguage;
 if (isSupportLang(lang)) {
- setCookie('lang', lang, 150);
+ setCookie('lang', lang);
 } else {
- setCookie('lang', 'en-US', 150);
+ setCookie('lang', 'en-US');
 window.location.reload();
 }
 } else {
- setCookie('lang', 'en-US', 150);
+ setCookie('lang', 'en-US');
 window.location.reload();
 }
 }
@@ -53,7 +53,7 @@ function setLang(lang) {
 lang = 'en-US';
 }
- setCookie('lang', lang, 150);
+ setCookie('lang', lang);
 window.location.reload();
 }
diff --git a/web/assets/js/util/common.js b/web/assets/js/util/common.js
index 44b15955..ab0cc704 100644
--- a/web/assets/js/util/common.js
+++ b/web/assets/js/util/common.js
@@ -95,10 +95,13 @@ function getCookie(cname) {
 }
 function setCookie(cname, cvalue, exdays) {
- const d = new Date();
- d.setTime(d.getTime() + exdays * 24 * 60 * 60 * 1000);
- let expires = "expires=" + d.toUTCString();
- document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/";
+ let expires = "";
+ if (exdays > 0) {
+ const d = new Date();
+ d.setTime(d.getTime() + exdays * 24 * 60 * 60 * 1000);
+ expires = "expires=" + d.toUTCString();
+ }
+ document.cookie = cname + "=" + cvalue + ";" + expires + ";path=" + axios.defaults.baseURL;
 }
 function usageColor(data, threshold, total) {
diff --git a/web/controller/index.go b/web/controller/index.go
index 62c35242..0fadae8d 100644
--- a/web/controller/index.go
+++ b/web/controller/index.go
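Review bot: In `setCookie`, the new `path=` attribute is taken straight from `axios.defaults.baseURL`, and nothing in this hunk guarantees that value is set or is a plain path. If it is undefined or an absolute URL, the browser gets an invalid Path attribute and falls back to its default path, so the `lang` cookie may be scoped differently from what the server side expects. A fallback such as `const path = axios.defaults.baseURL || "/";` keeps the previous behaviour when no base URL is configured. `cvalue` is also concatenated unescaped, so a value containing `;` would append cookie attributes. The langs.js callers shown here appear to limit it to supported language codes, but the helper itself could reject or encode such values.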
@@ -75,20 +75,12 @@ func (a *IndexController) login(c *gin.Context) {
 a.tgbot.UserLoginNotify(safeUser, getRemoteIp(c), timeStr, 1)
 }
- sessionMaxAge, err := a.settingService.GetSessionMaxAge()
- if err != nil {
- logger.Info("Unable to get session's max age from DB")
- }
-
- if sessionMaxAge > 0 {
- err = session.SetMaxAge(c, sessionMaxAge*60)
- if err != nil {
- logger.Info("Unable to set session's max age")
- }
- }
-
 err = session.SetLoginUser(c, user)
- logger.Infof("%s logged in successfully", user.Username)
+ if err == nil {
+ logger.Infof("%s logged in successfully", user.Username)
+ } else {
+ logger.Error("Unable to set login user")
+ }
 jsonMsg(c, I18nWeb(c, "pages.login.toasts.successLogin"), err)
 }
diff --git a/web/session/session.go b/web/session/session.go
index cea9e206..db542c75 100644
--- a/web/session/session.go
+++ b/web/session/session.go
@@ -19,23 +19,10 @@ func init() {
 func SetLoginUser(c *gin.Context, user *model.User) error {
 s := sessions.Default(c)
- s.Options(sessions.Options{
- Path: "/",
- HttpOnly: true,
- })
 s.Set(loginUser, user)
 return s.Save()
 }
-func SetMaxAge(c *gin.Context, maxAge int) error {
- s := sessions.Default(c)
- s.Options(sessions.Options{
- Path: "/",
- MaxAge: maxAge,
- })
- return s.Save()
-}
-
 func GetLoginUser(c *gin.Context) *model.User {
 s := sessions.Default(c)
 obj := s.Get(loginUser)
@@ -53,8 +40,12 @@ func IsLogin(c *gin.Context) bool {
 func ClearSession(c *gin.Context) {
 s := sessions.Default(c)
 s.Clear()
+ basePath := c.GetString("base_path")
+ if basePath == "" {
+ basePath = "/"
+ }
 s.Options(sessions.Options{
- Path: "/",
+ Path: basePath,
 MaxAge: -1,
 })
 s.Save()
diff --git a/web/web.go b/web/web.go
index 3abb4537..12a1f9c4 100644
--- a/web/web.go
+++ b/web/web.go
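Review bot: The new error branch logs `"Unable to set login user"` without the error value or the account name, so a failed session save cannot be diagnosed or correlated from the log. Something like `logger.Error("Unable to set login user:", user.Username, err)` would keep both, assuming `logger.Error` accepts additional arguments. The context line above shows `a.tgbot.UserLoginNotify(..., 1)` running before `session.SetLoginUser`, so a login notification appears to go out even when the session is never established. Sending it only after the `err == nil` check would keep the alert consistent with the log. The login function starts outside this hunk.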
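Review bot: `ClearSession` now expires the cookie only at `basePath`, but the removed lines show that sessions issued before this change were scoped to `Path: "/"`. Under a non-root base path, a browser still holding such a cookie keeps it after logout, because a deletion cookie has to match the original path. Expiring the legacy scope as well would close that gap, e.g. `c.SetCookie("x-ui", "", -1, "/", "", false, true)` when `basePath != "/"`; "x-ui" is the name passed to `sessions.Sessions` in web.go. The result of `s.Save()` is still discarded, so a failed clear goes unnoticed. The function's closing brace lies outside this hunk.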
@@ -176,10 +176,23 @@ func (s *Server) initRouter() (*gin.Engine, error) {
 if err != nil {
 return nil, err
 }
+
+ sessionMaxAge, err := s.settingService.GetSessionMaxAge()
+ if err != nil {
+ return nil, err
+ }
 engine.Use(gzip.Gzip(gzip.DefaultCompression, gzip.WithExcludedPaths([]string{basePath + "xui/API/"})))
 assetsBasePath := basePath + "assets/"
 store := cookie.NewStore(secret)
+ sessionOptions := sessions.Options{
+ Path: basePath,
+ HttpOnly: true,
+ }
+ if sessionMaxAge > 0 {
+ sessionOptions.MaxAge = sessionMaxAge * 60
+ }
+ store.Options(sessionOptions)
 engine.Use(sessions.Sessions("x-ui", store))
 engine.Use(func(c *gin.Context) {
 c.Set("base_path", basePath)
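Review bot: The store-wide `sessionOptions` literal sets `Path` and `HttpOnly` but leaves `SameSite` and `Secure` at their zero values, so browser defaults decide whether the session cookie accompanies cross-site requests or travels over plain HTTP. Adding `SameSite: http.SameSiteLaxMode,` to the literal is a cheap CSRF mitigation, and `Secure` could be set when the panel is served with a certificate; `net/http` would need to be imported in web.go if it is not already. Because the max age is now read once in `initRouter`, a changed session lifetime presumably takes effect only after a restart, which deserves a short comment next to the `GetSessionMaxAge()` call. initRouter starts and ends outside this hunk.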