From c1cfe7c129de8a8642a535472e8ade192c5d2540 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20Hru=C5=A1ka?=
Date: Thu, 13 Jun 2024 22:39:13 +0200
Subject: [PATCH 1/4] encrypted session identifiers must be treated specially in session update (same as in session creation)
---
 seacatauth/session/service.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/seacatauth/session/service.py b/seacatauth/session/service.py
index 5c038a9c..451c2523 100644
--- a/seacatauth/session/service.py
+++ b/seacatauth/session/service.py
@@ -252,7 +252,11 @@ async def update_session(self, session_id: str, session_builders: list):
 for session_builder in session_builders:
 for key, value in session_builder:
- upsertor.set(key, value, encrypt=(key in SessionAdapter.EncryptedAttributes))
+ if key in SessionAdapter.EncryptedIdentifierFields and value is not None:
+ value = SessionAdapter.EncryptedPrefix + self.aes_encrypt(value)
+ upsertor.set(key, value)
+ else:
+ upsertor.set(key, value, encrypt=(key in SessionAdapter.EncryptedAttributes))
 await upsertor.execute(event_type=EventTypes.SESSION_UPDATED)
From a01f041c7a74e3c6cf5163ead9abf74c39e9fe72 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20Hru=C5=A1ka?=
Date: Thu, 13 Jun 2024 22:45:56 +0200
Subject: [PATCH 2/4] update CHANGELOG.md
---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 22980f04..e4b5c041 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## v24.20
 ### Pre-releases
+- `v24.20-alpha12`
 - `v24.20-alpha11`
 - `v24.20-alpha10`
 - `v24.20-alpha9`
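Review bot: The branch added in `update_session` (PATCH 1/4, seacatauth/session/service.py) repeats the identifier-encryption rule that, per the commit message, already lives in session creation, and the bug fixed here came from those two copies drifting apart. Putting the rule in one private helper that both paths call keeps a field later added to `SessionAdapter.EncryptedIdentifierFields` from being handled in one path and missed in the other; a sketch is below, with the helper name as a suggestion only. The change also does not touch records already written by the old update path: if those fields are not covered by `SessionAdapter.EncryptedAttributes` (not visible here), their values may be stored without `EncryptedPrefix`, so it is worth checking whether affected sessions should be invalidated. `update_session` starts and ends outside the hunk, and the creation code is not shown, so the helper's call site there is assumed.

```python
def _set_session_field(self, upsertor, key, value):
    # Identifier fields are encrypted here and stored with the prefix;
    # every other field goes through the upsertor's own encrypt flag.
    if key in SessionAdapter.EncryptedIdentifierFields and value is not None:
        upsertor.set(key, SessionAdapter.EncryptedPrefix + self.aes_encrypt(value))
    else:
        upsertor.set(key, value, encrypt=(key in SessionAdapter.EncryptedAttributes))

# … unchanged: upsertor setup in update_session …
for session_builder in session_builders:
    for key, value in session_builder:
        self._set_session_field(upsertor, key, value)
# … unchanged: upsertor.execute(...) and the return …
```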
@@ -19,6 +20,7 @@
 - Default password criteria are more restrictive (#372, `v24.20-alpha1`, Compatible with Seacat Auth Webui v24.19-alpha and later, Seacat Account Webui v24.08-beta and later)
 ### Fix
+- Properly encrypt cookie value in session update (#394, `v24.20-alpha12`)
 - Properly parse URL query before adding new parameters (#393, `v24.20-alpha11`)
 - Delete client cookie on introspection failure (#385, `v24.20-alpha6`)
 - Extend session expiration at cookie entrypoint (#383, `v24.20-alpha5`)
From 718e53a8eb1e8e827ee70615852ed3b9cabe76fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20Hru=C5=A1ka?=
Date: Thu, 13 Jun 2024 22:56:28 +0200
Subject: [PATCH 3/4] log session update
---
 seacatauth/session/service.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/seacatauth/session/service.py b/seacatauth/session/service.py
index 451c2523..cc92e704 100644
--- a/seacatauth/session/service.py
+++ b/seacatauth/session/service.py
@@ -260,6 +260,10 @@ async def update_session(self, session_id: str, session_builders: list):
 await upsertor.execute(event_type=EventTypes.SESSION_UPDATED)
+ L.log(asab.LOG_NOTICE, "Session updated.", struct_data={
+ "sid": session_id,
+ "type": session_dict.get(SessionAdapter.FN.Session.Type),
+ })
 return await self.get(session_id)
From 93c82d5ba89c648caa435ce26a63b9bd30210273 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20Hru=C5=A1ka?=
Date: Thu, 13 Jun 2024 22:57:58 +0200
Subject: [PATCH 4/4] update CHANGELOG.md
---
 CHANGELOG.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e4b5c041..a6a3a2c3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,7 +3,6 @@
 ## v24.20
 ### Pre-releases
-- `v24.20-alpha12`
 - `v24.20-alpha11`
 - `v24.20-alpha10`
 - `v24.20-alpha9`
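Review bot: `session_dict` in the added `L.log(...)` call (PATCH 3/4, `update_session`) is not defined anywhere in this hunk, and the call runs after `upsertor.execute(...)` has already written the update, so a missing name would raise once the session is changed and before `self.get(session_id)` returns. The start of `update_session` is outside the hunk, so confirm that `session_dict` is loaded there; if it is, it holds the pre-update record and `"type"` describes the session as it was before this update. Because `"sid"` is written to the log at NOTICE level, a comment such as `# sid is the internal session record ID, never a cookie or token value` above the call would document that no bearer value is logged, assuming that is what `session_id` is here.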
@@ -20,7 +19,7 @@
 - Default password criteria are more restrictive (#372, `v24.20-alpha1`, Compatible with Seacat Auth Webui v24.19-alpha and later, Seacat Account Webui v24.08-beta and later)
 ### Fix
-- Properly encrypt cookie value in session update (#394, `v24.20-alpha12`)
+- Properly encrypt cookie value in session update (#394, `v24.20-alpha11`)
 - Properly parse URL query before adding new parameters (#393, `v24.20-alpha11`)
 - Delete client cookie on introspection failure (#385, `v24.20-alpha6`)
 - Extend session expiration at cookie entrypoint (#383, `v24.20-alpha5`)