1 files changed, 8 insertions, 5 deletions

diff --git a/modules/luci-base/luasrc/controller/admin/index.lua b/modules/luci-base/luasrc/controller/admin/index.lua
index 736d0cdccf..8f9b481cce 100644
--- a/modules/luci-base/luasrc/controller/admin/index.lua
+++ b/modules/luci-base/luasrc/controller/admin/index.lua
@@ -11,9 +11,13 @@ function action_logout()
 	if sid then
 		utl.ubus("session", "destroy", { ubus_rpc_session = sid })
 
-		luci.http.header("Set-Cookie", "sysauth=%s; expires=%s; path=%s" %{
-			'', 'Thu, 01 Jan 1970 01:00:00 GMT', dsp.build_url()
-		})
+		local url = dsp.build_url()
+
+		if luci.http.getenv('HTTPS') == 'on' then
+			luci.http.header("Set-Cookie", "sysauth_https=; expires=Thu, 01 Jan 1970 01:00:00 GMT; path=%s" % url)
+		end
+
+		luci.http.header("Set-Cookie", "sysauth_http=; expires=Thu, 01 Jan 1970 01:00:00 GMT; path=%s" % url)
 	end
 
 	luci.http.redirect(dsp.build_url())
@@ -185,10 +189,9 @@ end
 
 function action_menu()
 	local dsp = require "luci.dispatcher"
-	local utl = require "luci.util"
 	local http = require "luci.http"
 
-	local acls = utl.ubus("session", "access", { ubus_rpc_session = http.getcookie("sysauth") })
+	local _, _, acls = dsp.is_authenticated({ methods = { "cookie:sysauth_https", "cookie:sysauth_http" } })
 	local menu = dsp.menu_json(acls or {}) or {}
 
 	http.prepare_content("application/json")