Add ClientID to cookie names

Co-authored-by: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>

pkg/router/cookies.go

@@ -21,8 +21,16 @@ type CallbackParams struct {
 	Referer      string `json:"referer"`
 }
 
+func (h *Handler) getCallbackCookieName() string {
+	return fmt.Sprintf(CallbackCookieNameTemplate, h.Config.ClientID)
+}
+
+func (h *Handler) GetSessionCookieName() string {
+	return fmt.Sprintf(SessionCookieNameTemplate, h.Config.ClientID)
+}
+
 func (h *Handler) getCallbackParams(r *http.Request) (*CallbackParams, error) {
-	callbackCookieString, err := h.getEncryptedCookie(r, CallbackCookieName)
+	callbackCookieString, err := h.getEncryptedCookie(r, h.getCallbackCookieName())
 	if err != nil {
 		return nil, err
 	}

pkg/router/router.go

@@ -31,10 +31,9 @@ import (
 )
 
 const (
-	SessionCookieName = "io.nais.wonderwall.session"
-
-	LoginCookieLifetime = 2 * time.Minute
-	CallbackCookieName  = "io.nais.wonderwall.callback"
+	LoginCookieLifetime        = 2 * time.Minute
+	SessionCookieNameTemplate  = "io.nais.wonderwall.%s.session"
+	CallbackCookieNameTemplate = "io.nais.wonderwall.%s.callback"
 
 	RedirectURLParameter           = "redirect"
 	SecurityLevelURLParameter      = "level"
@@ -230,7 +229,7 @@ func (h *Handler) Login(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	err = h.setEncryptedCookie(w, CallbackCookieName, string(jsonString), LoginCookieLifetime)
+	err = h.setEncryptedCookie(w, h.getCallbackCookieName(), string(jsonString), LoginCookieLifetime)
 	if err != nil {
 		log.Error(err)
 		w.WriteHeader(http.StatusInternalServerError)
@@ -317,7 +316,7 @@ func (h *Handler) Callback(w http.ResponseWriter, r *http.Request) {
 	}
 	sessionID := h.localSessionID(externalSessionID)
 
-	err = h.setEncryptedCookie(w, SessionCookieName, sessionID, h.Config.SessionMaxLifetime)
+	err = h.setEncryptedCookie(w, h.GetSessionCookieName(), sessionID, h.Config.SessionMaxLifetime)
 	if err != nil {
 		log.Error(err)
 		w.WriteHeader(http.StatusInternalServerError)
@@ -405,7 +404,7 @@ func (h *Handler) Logout(w http.ResponseWriter, r *http.Request) {
 			w.WriteHeader(http.StatusInternalServerError)
 			return
 		}
-		h.deleteCookie(w, SessionCookieName)
+		h.deleteCookie(w, h.GetSessionCookieName())
 	}
 
 	u, err := url.Parse(h.Config.WellKnown.EndSessionEndpoint)

pkg/router/router_test.go

@@ -248,7 +248,7 @@ func TestHandler_Callback_and_Logout(t *testing.T) {
 	cookies := client.Jar.Cookies(callbackURL)
 	var sessionCookie *http.Cookie
 	for _, cookie := range cookies {
-		if cookie.Name == router.SessionCookieName {
+		if cookie.Name == h.GetSessionCookieName() {
 			sessionCookie = cookie
 		}
 	}
@@ -262,7 +262,7 @@ func TestHandler_Callback_and_Logout(t *testing.T) {
 
 	cookies = client.Jar.Cookies(callbackURL)
 	for _, cookie := range cookies {
-		if cookie.Name == router.SessionCookieName {
+		if cookie.Name == h.GetSessionCookieName() {
 			sessionCookie = cookie
 		}
 	}
@@ -342,7 +342,7 @@ func TestHandler_FrontChannelLogout(t *testing.T) {
 	cookies := client.Jar.Cookies(callbackURL)
 	var sessionCookie *http.Cookie
 	for _, cookie := range cookies {
-		if cookie.Name == router.SessionCookieName {
+		if cookie.Name == h.GetSessionCookieName() {
 			sessionCookie = cookie
 		}
 	}

pkg/router/session.go

@@ -7,7 +7,7 @@ import (
 )
 
 func (h *Handler) getSessionFromCookie(r *http.Request) (*session.Data, error) {
-	sessionID, err := h.getEncryptedCookie(r, SessionCookieName)
+	sessionID, err := h.getEncryptedCookie(r, h.GetSessionCookieName())
 	if err != nil {
 		return nil, fmt.Errorf("no session cookie: %w", err)
 	}