directus · paescuj · Apr 25, 2024 · Apr 25, 2024 · Apr 25, 2024 · Apr 26, 2024
diff --git a/.changeset/orange-planets-type.md b/.changeset/orange-planets-type.md
@@ -0,0 +1,5 @@
+---
+'@directus/api': patch
+---
+
+Added clearing of invalid session cookies, enabling affected clients to perform requests (and especially login) again
diff --git a/api/src/app.ts b/api/src/app.ts
@@ -51,12 +51,11 @@ import emitter from './emitter.js';
 import { getExtensionManager } from './extensions/index.js';
 import { getFlowManager } from './flows.js';
 import { createExpressLogger, useLogger } from './logger.js';
-import authenticate from './middleware/authenticate.js';
+import { authenticate } from './middleware/authenticate/index.js';
 import cache from './middleware/cache.js';
 import { checkIP } from './middleware/check-ip.js';
 import cors from './middleware/cors.js';
 import errorHandler from './middleware/error-handler.js';
-import extractToken from './middleware/extract-token.js';
 import getPermissions from './middleware/get-permissions.js';
 import rateLimiterGlobal from './middleware/rate-limiter-global.js';
 import rateLimiter from './middleware/rate-limiter-ip.js';
@@ -200,8 +199,6 @@ export default async function createApp(): Promise<express.Application> {
 
  app.use(cookieParser());
 
- app.use(extractToken);
-
  app.get('/', (_req, res, next) => {
  if (env['ROOT_REDIRECT']) {
  res.redirect(env['ROOT_REDIRECT'] as string);

diff --git a/api/src/middleware/authenticate.test.ts b/api/src/middleware/authenticate.test.ts
diff --git a/api/src/middleware/authenticate.ts b/api/src/middleware/authenticate.ts