From 8e007af39d672107c97b52c7ee626527ab289de0 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Tue, 19 May 2026 23:03:51 +0200
Subject: [PATCH] Fiix cookies with some browsers (#8867)

Fix https://github.com/FreshRSS/FreshRSS/issues/8850
Fix login with e.g. SeaMonkey
Regression due to https://github.com/FreshRSS/FreshRSS/pull/8778
---
 app/Controllers/authController.php |  2 ++
 lib/Minz/Session.php               | 18 ++++++++++--------
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php
index a8938228a..88e81a902 100644
--- a/app/Controllers/authController.php
+++ b/app/Controllers/authController.php
@@ -187,6 +187,8 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
 				Minz_Request::setBadNotification(_t('feedback.auth.login.invalid'));
 				Minz_Request::forward(['c' => 'auth', 'a' => 'login'], false);
 			}
+		} else {
+			Minz_Session::deleteLegacyCookie('FreshRSS');	// Delete legacy cookie (before 1.29.0)
 		}
 	}
 
diff --git a/lib/Minz/Session.php b/lib/Minz/Session.php
index 43678ab2c..5251e31fa 100644
--- a/lib/Minz/Session.php
+++ b/lib/Minz/Session.php
@@ -55,14 +55,6 @@ class Minz_Session {
 
 		session_name($name);
 
-		// Delete legacy cookie (before 1.29.0) if it exists
-		if (isset($_COOKIE[$name])) {
-			$legacyDir = self::getLegacyCookieDir();
-			if ($legacyDir !== '' && $legacyDir !== '/') {
-				setcookie($name, '', ['expires' => 1, 'path' => $legacyDir]);
-			}
-		}
-
 		// When using cookies (default value), session_start() sends HTTP headers
 		session_start();
 		session_write_close();
@@ -205,6 +197,16 @@ class Minz_Session {
 		return $cookie_dir;
 	}
 
+	/** Delete legacy cookie (before 1.29.0) if it exists */
+	public static function deleteLegacyCookie(string $name): void {
+		if (isset($_COOKIE[$name])) {
+			$legacyDir = self::getLegacyCookieDir();
+			if ($legacyDir !== '' && $legacyDir !== '/') {
+				setcookie($name, '', ['expires' => 1, 'path' => $legacyDir]);
+			}
+		}
+	}
+
 	/**
 	 * Regenerate a session id.
 	 */