Remove usage of 'next' url cookie (#2621)

rhysyngsun · web-flow · commit b02658f59771 · 2025-10-22T13:55:19.000-04:00
diff --git a/authentication/views.py b/authentication/views.py
@@ -26,7 +26,7 @@ def get_redirect_url(request, param_names):
         str: Redirect URL
     """
     for param_name in param_names:
-        next_url = request.GET.get(param_name) or request.COOKIES.get(param_name)
+        next_url = request.GET.get(param_name)
         if next_url and url_has_allowed_host_and_scheme(
             next_url, allowed_hosts=settings.ALLOWED_REDIRECT_HOSTS
         ):
diff --git a/main/middleware/apisix_user.py b/main/middleware/apisix_user.py
@@ -153,7 +153,6 @@ def process_request(self, request):
         if settings.DISABLE_APISIX_USER_MIDDLEWARE:
             return super().process_request(request)
         apisix_user = None
-        next_param = request.GET.get("next", None) if request.GET else None
         if request.META.get(self.header):
             new_header = decode_apisix_headers(
                 request, self.header, model=settings.AUTH_USER_MODEL
@@ -192,7 +191,4 @@ def process_request(self, request):
             log.debug("Forcing user logout because no APISIX user was found")
             logout(request)
 
-        response = self.get_response(request)
-        if next_param:
-            response.set_cookie("next", next_param, max_age=30, secure=False)
-        return response
+        return self.get_response(request)
