fix session maxAge #1625

web/assets/js/langs.js

@@ -34,13 +34,13 @@ function getLang() {
             lang = window.navigator.language || window.navigator.userLanguage;
 
             if (isSupportLang(lang)) {
-                setCookie('lang', lang, 150);
+                setCookie('lang', lang);
             } else {
-                setCookie('lang', 'en-US', 150);
+                setCookie('lang', 'en-US');
                 window.location.reload();
             }
         } else {
-            setCookie('lang', 'en-US', 150);
+            setCookie('lang', 'en-US');
             window.location.reload();
         }
     }
@@ -53,7 +53,7 @@ function setLang(lang) {
         lang = 'en-US';
     }
 
-    setCookie('lang', lang, 150);
+    setCookie('lang', lang);
     window.location.reload();
 }
 

web/assets/js/util/common.js

@@ -95,10 +95,13 @@ function getCookie(cname) {
 }
 
 function setCookie(cname, cvalue, exdays) {
+    let expires = "";
+    if (exdays > 0) {
         const d = new Date();
         d.setTime(d.getTime() + exdays * 24 * 60 * 60 * 1000);
-    let expires = "expires=" + d.toUTCString();
+        expires = "expires=" + d.toUTCString();
-    document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/";
+    }
+    document.cookie = cname + "=" + cvalue + ";" + expires + ";path=" + axios.defaults.baseURL;
 }
 
 function usageColor(data, threshold, total) {

web/controller/index.go

@@ -75,20 +75,12 @@ func (a *IndexController) login(c *gin.Context) {
 		a.tgbot.UserLoginNotify(safeUser, getRemoteIp(c), timeStr, 1)
 	}
 
-	sessionMaxAge, err := a.settingService.GetSessionMaxAge()
-	if err != nil {
-		logger.Info("Unable to get session's max age from DB")
-	}
-
-	if sessionMaxAge > 0 {
-		err = session.SetMaxAge(c, sessionMaxAge*60)
-		if err != nil {
-			logger.Info("Unable to set session's max age")
-		}
-	}
-
 	err = session.SetLoginUser(c, user)
+	if err == nil {
 		logger.Infof("%s logged in successfully", user.Username)
+	} else {
+		logger.Error("Unable to set login user")
+	}
 	jsonMsg(c, I18nWeb(c, "pages.login.toasts.successLogin"), err)
 }
 

web/session/session.go

@@ -19,23 +19,10 @@ func init() {
 
 func SetLoginUser(c *gin.Context, user *model.User) error {
 	s := sessions.Default(c)
-	s.Options(sessions.Options{
-		Path:     "/",
-		HttpOnly: true,
-	})
 	s.Set(loginUser, user)
 	return s.Save()
 }
 
-func SetMaxAge(c *gin.Context, maxAge int) error {
-	s := sessions.Default(c)
-	s.Options(sessions.Options{
-		Path:   "/",
-		MaxAge: maxAge,
-	})
-	return s.Save()
-}
-
 func GetLoginUser(c *gin.Context) *model.User {
 	s := sessions.Default(c)
 	obj := s.Get(loginUser)
@@ -53,8 +40,12 @@ func IsLogin(c *gin.Context) bool {
 func ClearSession(c *gin.Context) {
 	s := sessions.Default(c)
 	s.Clear()
+	basePath := c.GetString("base_path")
+	if basePath == "" {
+		basePath = "/"
+	}
 	s.Options(sessions.Options{
-		Path:   "/",
+		Path:   basePath,
 		MaxAge: -1,
 	})
 	s.Save()

web/web.go

@@ -176,10 +176,23 @@ func (s *Server) initRouter() (*gin.Engine, error) {
 	if err != nil {
 		return nil, err
 	}
+
+	sessionMaxAge, err := s.settingService.GetSessionMaxAge()
+	if err != nil {
+		return nil, err
+	}
 	engine.Use(gzip.Gzip(gzip.DefaultCompression, gzip.WithExcludedPaths([]string{basePath + "xui/API/"})))
 	assetsBasePath := basePath + "assets/"
 
 	store := cookie.NewStore(secret)
+	sessionOptions := sessions.Options{
+		Path:     basePath,
+		HttpOnly: true,
+	}
+	if sessionMaxAge > 0 {
+		sessionOptions.MaxAge = sessionMaxAge * 60
+	}
+	store.Options(sessionOptions)
 	engine.Use(sessions.Sessions("x-ui", store))
 	engine.Use(func(c *gin.Context) {
 		c.Set("base_path", basePath)