luci-base: sysauth_https cookie isn't removed at logout

[mikma]

Steps to reproduce:

1. log in via https

2. log out

3. inspect page in browser

Actual behavior:

The /cgi-bin/luci/admin/logout response headers contains one set-cookie line which expires the sysauth_http cookie but not the sysauth_https cookie:
set-cookie: sysauth_http=; expires=Thu, 01 Jan 1970 01:00:00 GMT; path=/cgi-bin/luci/

Expected behavior:

The /cgi-bin/luci/admin/logout response headers should contain two set-cookie lines which expire both cookies, sysauth_http and sysauth_https (or maybe it's enough to expire the sysauth_https cookie when you use https.)

Additional Information:

OpenWrt version information from system /etc/openwrt_release

DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='23.05.3'
DISTRIB_REVISION='r23809-234f1a2efa'
DISTRIB_TARGET='x86/64'
DISTRIB_ARCH='x86_64'
DISTRIB_DESCRIPTION='OpenWrt 23.05.3 r23809-234f1a2efa'
DISTRIB_TAINTS=''

I have debugged the issue and apparently action_logout in modules/luci-base/ucode/controller/admin/index.uc first sets the set-cookie header to sysauth_https=... if https is enabled, and after that it always sets the set-cookie header to sysauth_http=... which overwrites the first set-cookie header.