From 617b0d6fd9d76acef1637165fe2a0598a7232746 Mon Sep 17 00:00:00 2001
From: JonnyWong16 <9099342+JonnyWong16@users.noreply.github.com>
Date: Tue, 23 Jun 2020 20:00:50 -0700
Subject: [PATCH] Set JWT cookie path to HTTP root

* Fixes Tautulli/Tautulli-Issues#255
---
 plexpy/webauth.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/plexpy/webauth.py b/plexpy/webauth.py
index b29659ae..5bffda96 100644
--- a/plexpy/webauth.py
+++ b/plexpy/webauth.py
@@ -298,7 +298,7 @@ class AuthController(object):
         jwt_cookie = str(JWT_COOKIE_NAME + plexpy.CONFIG.PMS_UUID)
         cherrypy.response.cookie[jwt_cookie] = 'expire'
         cherrypy.response.cookie[jwt_cookie]['expires'] = 0
-        cherrypy.response.cookie[jwt_cookie]['path'] = '/'
+        cherrypy.response.cookie[jwt_cookie]['path'] = plexpy.HTTP_ROOT.rstrip('/') or '/'
 
         cherrypy.request.login = None
 
@@ -344,7 +344,9 @@ class AuthController(object):
             jwt_cookie = str(JWT_COOKIE_NAME + plexpy.CONFIG.PMS_UUID)
             cherrypy.response.cookie[jwt_cookie] = jwt_token
             cherrypy.response.cookie[jwt_cookie]['expires'] = int(time_delta.total_seconds())
-            cherrypy.response.cookie[jwt_cookie]['path'] = '/'
+            cherrypy.response.cookie[jwt_cookie]['path'] = plexpy.HTTP_ROOT.rstrip('/') or '/'
+            cherrypy.response.cookie[jwt_cookie]['httponly'] = True
+            cherrypy.response.cookie[jwt_cookie]['samesite'] = 'lax'
 
             cherrypy.request.login = payload
             cherrypy.response.status = 200