1 files changed, 10 insertions, 30 deletions

diff --git a/api/user.go b/api/user.go
index 5e5ff79f1..3071e1b26 100644
--- a/api/user.go
+++ b/api/user.go
@@ -428,43 +428,23 @@ func Login(c *Context, w http.ResponseWriter, r *http.Request, user *model.User,
 	}
 
 	w.Header().Set(model.HEADER_TOKEN, session.Token)
-	sessionCookie := &http.Cookie{
-		Name:     model.SESSION_TOKEN,
-		Value:    session.Token,
-		Path:     "/",
-		MaxAge:   maxAge,
-		HttpOnly: true,
-	}
-
-	http.SetCookie(w, sessionCookie)
 
+	tokens := GetMultiSessionCookieTokens(r)
 	multiToken := ""
-	if originalMultiSessionCookie, err := r.Cookie(model.MULTI_SESSION_TOKEN); err == nil {
-		multiToken = originalMultiSessionCookie.Value
-	}
-
-	// Attempt to clean all the old tokens or duplicate tokens
-	if len(multiToken) > 0 {
-		tokens := strings.Split(multiToken, " ")
-
-		multiToken = ""
-		seen := make(map[string]string)
-		seen[session.TeamId] = session.TeamId
-		for _, token := range tokens {
-			if sr := <-Srv.Store.Session().Get(token); sr.Err == nil {
-				s := sr.Data.(*model.Session)
-				if !s.IsExpired() && seen[s.TeamId] == "" {
-					multiToken += " " + token
-					seen[s.TeamId] = s.TeamId
-				}
-			}
+	seen := make(map[string]string)
+	seen[session.TeamId] = session.TeamId
+	for _, token := range tokens {
+		s := GetSession(token)
+		if s != nil && !s.IsExpired() && seen[s.TeamId] == "" {
+			multiToken += " " + token
+			seen[s.TeamId] = s.TeamId
 		}
 	}
 
-	multiToken = strings.TrimSpace(session.Token + " " + multiToken)
+	multiToken = strings.TrimSpace(multiToken + " " + session.Token)
 
 	multiSessionCookie := &http.Cookie{
-		Name:     model.MULTI_SESSION_TOKEN,
+		Name:     model.SESSION_COOKIE_TOKEN,
 		Value:    multiToken,
 		Path:     "/",
 		MaxAge:   maxAge,