
OCPBUGS-65967: Clean up old session cookies to prevent accumulation

Open TheRealJon opened this issue 4 weeks ago • 11 comments

Problem

When users are load-balanced across multiple console pods, each pod creates a session cookie with a unique name based on POD_NAME: openshift-session-token-<POD_NAME>.

With a 1-month cookie expiration, users accumulate cookies from different pods without old ones being removed. This is especially problematic with Azure AD SSO where new authentication tokens are issued on each login, causing OpenShift to create new session cookies instead of reusing old ones.

Over time, the cookie header can exceed 4096 bytes, causing errors.

Solution

This fix cleans up session cookies from other pods when creating a new session, ensuring only one active session cookie exists at a time.

Changes

  • Modified AddSession() to expire old pod cookies before creating new session in pkg/auth/sessions/combined_sessions.go:46-73
  • Updated DeleteSession() to use modern cookie expiration pattern (removed outdated Go loop variable capture)
  • Added test TestCombinedSessionStore_AddSession_CleansUpOldPodCookies to verify old pod cookies are properly expired

Testing

  • All existing session tests pass ✓
  • New test verifies old pod cookies are expired on new session creation ✓

Impact

  • Backward compatible: Existing sessions continue to work
  • Low risk: Only affects cookie cleanup during new session creation
  • Performance: Minimal overhead - iterates through cookies once per login

Fixes: OCPBUGS-65967

🤖 Generated with Claude Code

TheRealJon, Dec 12 '25 14:12
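The cleanup described in the pull request above, sketched as an added example; this is not the project's code from pkg/auth/sessions/combined_sessions.go. The helper name `expireOtherPodCookies`, the pod names, the `csrf-token` cookie, the request path, and the `Path=/`, `Secure` and `HttpOnly` attributes are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Prefix from the PR description; the pod name is appended to it.
const sessionCookiePrefix = "openshift-session-token-"

// expireOtherPodCookies (hypothetical helper) expires every session cookie that
// belongs to a pod other than currentPod and returns the names it expired.
func expireOtherPodCookies(w http.ResponseWriter, r *http.Request, currentPod, path string) []string {
	keep := sessionCookiePrefix + currentPod
	var expired []string
	for _, c := range r.Cookies() {
		if !strings.HasPrefix(c.Name, sessionCookiePrefix) || c.Name == keep {
			continue // unrelated cookie, or this pod's own session
		}
		// A browser only drops a cookie when name, Path and Domain match what it
		// stored, so path must equal the Path used when the cookie was set.
		http.SetCookie(w, &http.Cookie{Name: c.Name, Path: path, MaxAge: -1, Secure: true, HttpOnly: true})
		expired = append(expired, c.Name)
	}
	return expired
}

// demo builds a constructed request carrying session cookies from three pods
// and returns the expired names plus the Set-Cookie headers that were written.
func demo() ([]string, []string) {
	r := httptest.NewRequest(http.MethodGet, "/auth/callback", nil)
	for _, pod := range []string{"console-a", "console-b", "console-c"} {
		r.AddCookie(&http.Cookie{Name: sessionCookiePrefix + pod, Value: "x"})
	}
	r.AddCookie(&http.Cookie{Name: "csrf-token", Value: "y"})
	w := httptest.NewRecorder()
	expired := expireOtherPodCookies(w, r, "console-c", "/")
	return expired, w.Header().Values("Set-Cookie")
}

func main() {
	expired, headers := demo()
	fmt.Println(expired)
	fmt.Println(strings.Join(headers, "\n"))
}
```

Each expired cookie costs one `Set-Cookie` response header, and a deletion whose Path or Domain differs from the stored cookie is silently ignored by the browser, leaving the old cookie in place.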