github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-05-08 17:37:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor: use common cookie name across all instances

Browse Source 
This will attempt to mitigate cases where many instances
of Wonderwall on the same domain set cookies which will
exceed the header size for Cookies.

Generally, this should result in decryption failures when
transitioning from one app to another, which should omit the
Authorization header and have a new session triggered by the
downstream application.

Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
This commit is contained in:
Trong Huu Nguyen
2021-10-04 10:52:41 +02:00
parent f73b4605a1
commit 5e113f4284
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/router/cookies.go
View File

@@ -11,8 +11,8 @@ import (
const (
LoginCookieLifetime = 10 * time.Minute
SessionCookieNameTemplate = "io.nais.wonderwall.%s.session"
LoginCookieNameTemplate = "io.nais.wonderwall.%s.callback"
SessionCookieNameTemplate = "io.nais.wonderwall.session"
LoginCookieNameTemplate = "io.nais.wonderwall.callback"
)
type Cookie struct {
@@ -29,11 +29,11 @@ type LoginCookie struct {
}
func (h *Handler) GetLoginCookieName() string {
return fmt.Sprintf(LoginCookieNameTemplate, h.Config.ClientID)
return LoginCookieNameTemplate
}
func (h *Handler) GetSessionCookieName() string {
return fmt.Sprintf(SessionCookieNameTemplate, h.Config.ClientID)
return SessionCookieNameTemplate
}
func (h *Handler) getLoginCookie(w http.ResponseWriter, r *http.Request) (*LoginCookie, error) {