Re: [PR] Fix redirect loop when stale root-path `_token` cookie exists from older Airflow instance [airflow]

via GitHub Mon, 13 Apr 2026 06:50:21 -0700


wolfdn commented on code in PR #64955:
URL: https://github.com/apache/airflow/pull/64955#discussion_r3073427545



##########
airflow-core/src/airflow/api_fastapi/core_api/routes/public/auth.py:
##########
@@ -66,12 +66,22 @@ def logout(request: Request, auth_manager: AuthManagerDep) 
-> RedirectResponse:
         auth_manager.revoke_token(token_str)
 
     secure = request.base_url.scheme == "https" or bool(conf.get("api", 
"ssl_cert", fallback=""))
+    cookie_path = get_cookie_path()
     response = RedirectResponse(auth_manager.get_url_login())
     response.delete_cookie(
         key=COOKIE_NAME_JWT_TOKEN,
-        path=get_cookie_path(),
+        path=cookie_path,
         secure=secure,
         httponly=True,
     )
+    # Clear any stale _token cookie at root path "/" left by
+    # older Airflow instances to prevent redirect loops.
+    if cookie_path != "/":
+        response.delete_cookie(
+            key=COOKIE_NAME_JWT_TOKEN,

Review Comment:
   Done in e641ad8975c4bfa23008773ad71524531c5d202d



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Re: [PR] Fix redirect loop when stale root-path `_token` cookie exists from older Airflow instance [airflow]

Reply via email to