Fix: now cookie set per subpath #39

internal/view/index.html

@@ -92,7 +92,7 @@
 								return response;
 							}).then(() => {
 								localStorage.removeItem("shiori-account");
-								document.cookie = "session-id=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;";
+								document.cookie = `session-id=; Path=${document.baseURI}; Expires=Thu, 01 Jan 1970 00:00:00 GMT;`;
 								location.href = new URL("login", document.baseURI);
 							}).catch(err => {
 								this.dialog.loading = false;

internal/view/js/page/base.js

@@ -104,7 +104,7 @@ export default {
 						var loginUrl = new Url("login", document.baseURI);
 						loginUrl.query.dst = window.location.href;
 
-						document.cookie = "session-id=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;";
+						document.cookie = "session-id=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT;";
 						location.href = loginUrl.toString();
 					}
 				}

internal/view/login.html

@@ -79,22 +79,28 @@
 					}
 
 					// Remove old cookie
-					document.cookie = "session-id=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;";
+					document.cookie = `session-id=; Path=${document.baseURI}; Expires=Thu, 01 Jan 1970 00:00:00 GMT;`;
 
 					// Send request
 					this.loading = true;
+					var sessionAge = this.remember ? 12 : 1;
+
 					fetch(new URL("api/login", document.baseURI), {
 						method: "post",
 						body: JSON.stringify({
 							username: this.username,
 							password: this.password,
-							remember: this.remember ? 12 : 1,
+							remember: sessionAge,
 						}),
 						headers: { "Content-Type": "application/json" },
 					}).then(response => {
 						if (!response.ok) throw response;
 						return response.json();
 					}).then(json => {
+						// Save session id
+						var expTime = new Date(Date.now() + sessionAge * 3600 * 1000).toUTCString();
+						document.cookie = `session-id=${json.session}; Path=${document.baseURI}; Expires=${expTime}`;
+
 						// Save account data
 						localStorage.setItem("shiori-account", JSON.stringify(json.account));
 

internal/webserver/handler-api.go

@@ -53,15 +53,7 @@ func (h *handler) apiLogin(w http.ResponseWriter, r *http.Request, ps httprouter
 		}
 		h.UserCache.Set(request.Username, sessionIDs, -1)
 
-		// Return session ID to user in cookies
-		http.SetCookie(w, &http.Cookie{
-			Name:    "session-id",
-			Value:   strSessionID,
-			Path:    "/",
-			Expires: time.Now().Add(expTime),
-		})
-
-		// Send account data
+		// Send login result
 		account.Password = ""
 		loginResult := struct {
 			Session string        `json:"session"`
@@ -573,7 +565,7 @@ func (h *handler) apiUpdateBookmarkTags(w http.ResponseWriter, r *http.Request,
 	for i := range bookmarks {
 		strID := strconv.Itoa(bookmarks[i].ID)
 		imgPath := fp.Join(h.DataDir, "thumb", strID)
-		imgURL := path.Join("/", "bookmark", strID, "thumb")
+		imgURL := path.Join(h.RootPath, "bookmark", strID, "thumb")
 
 		if fileExists(imgPath) {
 			bookmarks[i].ImageURL = imgURL

internal/webserver/handler-ui.go

@@ -57,6 +57,10 @@ func (h *handler) serveIndexPage(w http.ResponseWriter, r *http.Request, ps http
 		return
 	}
 
+	if developmentMode {
+		h.prepareTemplates()
+	}
+
 	err = h.templates["index"].Execute(w, h.RootPath)
 	checkError(err)
 }
@@ -71,6 +75,10 @@ func (h *handler) serveLoginPage(w http.ResponseWriter, r *http.Request, ps http
 		return
 	}
 
+	if developmentMode {
+		h.prepareTemplates()
+	}
+
 	err = h.templates["login"].Execute(w, h.RootPath)
 	checkError(err)
 }
@@ -168,6 +176,10 @@ func (h *handler) serveBookmarkContent(w http.ResponseWriter, r *http.Request, p
 	}
 
 	// Execute template
+	if developmentMode {
+		h.prepareTemplates()
+	}
+
 	tplData := struct {
 		RootPath string
 		Book     model.Bookmark