Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: admit longer session cookies by using a larger store #4600

Merged
merged 4 commits into from
Nov 8, 2024
Merged

fix: admit longer session cookies by using a larger store #4600

merged 4 commits into from
Nov 8, 2024

Conversation

kedorlaomer
Copy link
Contributor

@kedorlaomer kedorlaomer commented Oct 30, 2024
edited
Loading

Description

Add an explicit cookie store with a bigger limit so that we can accept larger session cookies. Some OIDC providers require that.

Changelog

  • server/src/api/login.go: in beginAuthProviderVerification, set a cookie store

Checklist

  • [ x] I have performed a self-review of my own code
  • [ x] I have commented my code, particularly in hard-to-understand areas
  • [ x] The light- and dark-theme are both supported and tested
  • [ x] The design was implemented and is responsive for all devices and screen sizes
  • [ x] The application was tested in the most commonly used browsers (e.g. Chrome, Firefox, Safari)

(Optional) Visual Changes

none

@brandstetterm
Copy link
Collaborator

brandstetterm commented Oct 30, 2024
edited
Loading

Hey @kedorlaomer
Thank you for your contribution! Could please explain what are the advantages of your changes?

@brandstetterm brandstetterm reopened this Oct 30, 2024
@kedorlaomer
Copy link
Contributor Author

kedorlaomer commented Oct 30, 2024
edited
Loading

We were using Microsoft's OIDC provider. It was sending session cookies which were larger than the default size of 4k. The backend wouldn't accept the login. Therefore, we had to increase the limit in our own fork.

Note that this does not mean that 1e9 bytes of memory and/or storage are used. It is just a limit. The original example (which I'd need to dig out) used the largest positive integer 😸.

EDIT: Didn't see that my PR description got truncated 😭

@Schwehn42
Copy link
Collaborator

@kedorlaomer we can definitely increase the limit, I would prefer some logical value over an arbitrary one though. Something like 16k or 32k should be more than enough, shouldn't it?

@Schwehn42 Schwehn42 added the Changes Requested Changes requested by the reviewer label Nov 1, 2024
@kedorlaomer
Copy link
Contributor Author

changed to 32k

Schwehn42
Schwehn42 approved these changes Nov 6, 2024
View reviewed changes
Copy link
Collaborator

@Schwehn42 Schwehn42 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Here's the PR you were referring to btw: markbates/goth#141

Note that before releasing, we will wrap this around a feature flag which is deactivated by default, as NewFilesystemStore is still an experimental feature. I'll tag you in the related PR. Thanks for your contribution!

@Schwehn42 Schwehn42 removed the Changes Requested Changes requested by the reviewer label Nov 6, 2024
@Schwehn42 Schwehn42 added this pull request to the merge queue Nov 8, 2024
Merged via the queue into inovex:main with commit 192fddf Nov 8, 2024
10 of 12 checks passed
@Schwehn42 Schwehn42 mentioned this pull request Nov 8, 2024
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Schwehn42 Schwehn42 Schwehn42 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kedorlaomer @brandstetterm @Schwehn42