From 5e113f428435c6f3a2aa88a2f20d00a30bc363db Mon Sep 17 00:00:00 2001 From: Trong Huu Nguyen Date: Mon, 4 Oct 2021 10:52:41 +0200 Subject: [PATCH] refactor: use common cookie name across all instances MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This will attempt to mitigate cases where many instances of Wonderwall on the same domain set cookies which will exceed the header size for Cookies. Generally, this should result in decryption failures when transitioning from one app to another, which should omit the Authorization header and have a new session triggered by the downstream application. Co-Authored-By: Sindre Rødseth Hansen --- pkg/router/cookies.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/router/cookies.go b/pkg/router/cookies.go index 6849cbd..1a70a2b 100644 --- a/pkg/router/cookies.go +++ b/pkg/router/cookies.go @@ -11,8 +11,8 @@ import ( const ( LoginCookieLifetime = 10 * time.Minute - SessionCookieNameTemplate = "io.nais.wonderwall.%s.session" - LoginCookieNameTemplate = "io.nais.wonderwall.%s.callback" + SessionCookieNameTemplate = "io.nais.wonderwall.session" + LoginCookieNameTemplate = "io.nais.wonderwall.callback" ) type Cookie struct { @@ -29,11 +29,11 @@ type LoginCookie struct { } func (h *Handler) GetLoginCookieName() string { - return fmt.Sprintf(LoginCookieNameTemplate, h.Config.ClientID) + return LoginCookieNameTemplate } func (h *Handler) GetSessionCookieName() string { - return fmt.Sprintf(SessionCookieNameTemplate, h.Config.ClientID) + return SessionCookieNameTemplate } func (h *Handler) getLoginCookie(w http.ResponseWriter, r *http.Request) (*LoginCookie, error) {