We had to work around an authentication issue after upgrading to Grafana 7. The issue is now resolved for us, but I’m posting here in case it helps anyone else.
We host Grafana under a sub path, and use OAuth for authentication. After upgrading to Grafana 7, some users were unable to log in, and kept getting redirected to authentication page after each login attempt.
The problem was related to PR 22265, which removed the trailing slash from the login cookie’s path. The issue is that if a user had an existing cookie under the old path, then it would be read by Grafana, but could not be cleared by Grafana because the path no longer matched the one that Grafana was setting. Because of this, once a user’s session expired, Grafana would not be able to clear the cookie, and the user would be stuck.
Manually clearing cookies fixes it for a particular browser, but to fix it for everyone we changed the login_cookie_name so that the old cookie would get ignored.
[auth] login_cookie_name = grafana_session2
(Obviously, this has the side effect of forcing everyone to re-authenticate)