ZCS-12917: added path to ZM_TEST and ZM_LOGIN_CSRF cookies

Zimbra · Feb 1, 2023 · 7de21b9 · 7de21b9
1 parent 6ebcc09
commit 7de21b9
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/WebRoot/public/login.jsp b/WebRoot/public/login.jsp
@@ -386,12 +386,14 @@ if (application.getInitParameter("offlineMode") != null) {
 <%
 	Cookie testCookie = new Cookie("ZM_TEST", "true");
 	testCookie.setSecure(com.zimbra.cs.taglib.ZJspSession.secureAuthTokenCookie(request));
+	testCookie.setPath("/");
 	response.addCookie(testCookie);
 
 	String csrfToken = UUID.randomUUID().toString();
 	Cookie csrfCookie = new Cookie("ZM_LOGIN_CSRF", csrfToken);
 	csrfCookie.setSecure(com.zimbra.cs.taglib.ZJspSession.secureAuthTokenCookie(request));
 	csrfCookie.setHttpOnly(true);
+	csrfCookie.setPath("/");
 	response.addCookie(csrfCookie);
 
 	pageContext.setAttribute("login_csrf", csrfToken);