Encrypt cookie value in session update #394

byewokko · 2024-06-13T20:43:23Z

Issue

Successful re-login leads to logout. This is caused by session cookie value being stored improperly in the DB. This happens only in root SSO session update, i.e. re-login.

Solution

Cookie value must be encrypted in session update the same way it is done in session creation.

…date (same as in session creation)

encrypted session identifiers must be treated specially in session up…

c1cfe7c

…date (same as in session creation)

byewokko added the bug Something isn't working label Jun 13, 2024

byewokko self-assigned this Jun 13, 2024

byewokko added 2 commits June 13, 2024 22:44

Merge branch 'refs/heads/main' into fix/update-encrypted-session-field

eb82e25

update CHANGELOG.md

a01f041

byewokko marked this pull request as ready for review June 13, 2024 20:46

byewokko added 2 commits June 13, 2024 22:56

log session update

718e53a

update CHANGELOG.md

93c82d5

byewokko merged commit 3c616cc into main Jun 13, 2024
2 checks passed

byewokko deleted the fix/update-encrypted-session-field branch June 13, 2024 20:58

byewokko mentioned this pull request Jun 26, 2024

Merge fixes and features #401

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Encrypt cookie value in session update #394

Encrypt cookie value in session update #394

byewokko commented Jun 13, 2024 •

edited

Loading

Encrypt cookie value in session update #394

Encrypt cookie value in session update #394

Conversation

byewokko commented Jun 13, 2024 • edited Loading

Issue

Solution

byewokko commented Jun 13, 2024 •

edited

Loading