From 22900e6f0b217aea49b4a3b36ca240bde50d9da4 Mon Sep 17 00:00:00 2001
From: luke
Date: Mon, 26 Feb 2024 22:00:19 +0000
Subject: [PATCH] Overwrite `activeRole` cookie when it's not contained in allowed roles list (#1131)

overwrite `activeRole` cookie when it's not contained in allowed roles
---
 src/hooks.server.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/hooks.server.ts b/src/hooks.server.ts
index ff21e7a6de..b045f04977 100644
--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
@@ -100,8 +100,8 @@ const handleSSOAuth: Handle = async ({ event, resolve }) => {
 event.cookies.set('user', userCookie, cookieOpts);
 }
- // don't overwrite existing activeRole
- if (!activeRoleCookie || activeRoleCookie === 'deleted') {
+ // don't overwrite existing activeRole, unless it doesn't exist anymore
+ if (!activeRoleCookie || activeRoleCookie === 'deleted' || !roles.allowedRoles.includes(activeRoleCookie)) {
 event.cookies.set('activeRole', roles.defaultRole, cookieOpts);
 }
 }
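Review bot: The new comment on the `activeRole` check says "unless it doesn't exist anymore", which reads as if the cookie were missing, while the added clause actually rejects a cookie value that is not in `roles.allowedRoles`. Because the cookie is client-supplied, that membership test is also what keeps a request from carrying a role the user was never granted, so the comment should say so, e.g. `// keep the existing activeRole unless it is missing, 'deleted', or not in the user's allowed roles (the cookie is client-controlled)`. The hunk does not show whether this branch runs on every request or only when the session is refreshed, nor whether `roles.allowedRoles` can be undefined at this point; both are worth confirming, since the body of `handleSSOAuth` begins outside the hunk.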