Session getting added to DB, but not to cookie, when set to SameSiteNone, but works in SameSiteLax #194

Closed
spa5k opened this issue Jan 11, 2024 · 2 comments

spa5k commented Jan 11, 2024

session manager -

```go
func SessionManager() *scs.SessionManager {
	once.Do(func() {
		Manager = scs.New()
		Manager.Lifetime = 24 * time.Hour
		Manager.Cookie.Persist = true
		Manager.Cookie.SameSite = http.SameSiteNoneMode
		Manager.Cookie.Path = "" // Empty string to allow for all localhost sites
		Manager.Cookie.HttpOnly = true
		//Manager.Cookie.Name = "session_id"
		//Manager.Cookie.Domain = ""

		Manager.Store = pgxstore.NewWithCleanupInterval(GetPool(), time.Minute*30)
		//osEnv := os.Getenv("ENV")
		//if osEnv == "production" {
		//	Manager.Cookie.Secure = true // Set to true when serving over HTTPS
		//}
	})
	return Manager
}
```

Auth -

```go
func (p *GithubProvider) Callback(w http.ResponseWriter, r *http.Request) {
	err := helpers.ValidateStateAndCookieState(w, r)
	if err != nil {
		...
	}
	code := r.URL.Query().Get("code")
	token, err := helpers.ExchangeCodeForToken(r, code, p.OAuthConfig)
	if err != nil {
		...
	}

	client := p.OAuthConfig.Client(r.Context(), token)
	email, err := helpers.GetUserMainEmail(client)
	if err != nil {
		...
	}
........

	db.SessionManager().Put(r.Context(), "userId", user.ID)
	println("Redirecting to review ui", "userId", user.ID)

	redirectURL, err := url.Parse(config.Configuration.Services.ReviewUIService)
	if err != nil {
		....
	}
	logger.Info("Response headers", "headers", w.Header())

	http.Redirect(w, r, redirectURL.String()+"/auth", http.StatusFound)
}
```

This is a weird error. I've been trying to create a cookie with the session, but for some reason, it does not add anything to the cookie.

sample log -

```
githubAuth      handlers/github.go:179  Response headers        {"headers": {"Set-Cookie":["state=da4e707a-9eb3-407b-baac-d16bbe7cc597; Max-Age=0"],"Vary":["Cookie"]}}
```

spa5k commented Jan 11, 2024

But when I set the cookie to - Manager.Cookie.SameSite = http.SameSiteLaxMode, it starts working.

spa5k changed the title from "Session getting added to DB, but not to cookie" to "Session getting added to DB, but not to cookie, when set to SameSiteNone, but works in SameSiteLax" on Jan 11, 2024

spa5k commented Jan 11, 2024

Fixed it. According to the latest changes in 2020, SameSite none also requires Secure to be enabled.

https://stackoverflow.com/questions/2117248/setting-cookie-in-iframe-different-domain

spa5k closed this as completed on Jan 11, 2024
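The resolution in this thread, as an added example that is not part of the original issue or of the scs project: a check, using only `net/http`, that flags any `Set-Cookie` in a response carrying `SameSite=None` without `Secure`, run against the three configurations discussed above. The names `auditSetCookies` and `issueCookie`, the cookie name and the cookie value are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// auditSetCookies returns one finding for every cookie in the response that
// is marked SameSite=None but lacks Secure, the combination the thread
// identifies as the reason the session cookie was never stored.
func auditSetCookies(resp *http.Response) []string {
	var findings []string
	for _, c := range resp.Cookies() {
		if c.SameSite == http.SameSiteNoneMode && !c.Secure {
			findings = append(findings,
				fmt.Sprintf("cookie %q: SameSite=None without Secure", c.Name))
		}
	}
	return findings
}

// issueCookie (hypothetical helper) emits a session-style cookie with the
// given attributes on a redirect response, as the OAuth callback does.
// The cookie name and value are constructed sample data.
func issueCookie(sameSite http.SameSite, secure bool) *http.Response {
	rec := httptest.NewRecorder()
	http.SetCookie(rec, &http.Cookie{
		Name: "session", Value: "constructed-token", Path: "/",
		HttpOnly: true, SameSite: sameSite, Secure: secure,
	})
	rec.WriteHeader(http.StatusFound)
	return rec.Result()
}

func main() {
	cases := []struct {
		label    string
		sameSite http.SameSite
		secure   bool
	}{
		{"issue config: None, not Secure", http.SameSiteNoneMode, false},
		{"workaround: Lax, not Secure", http.SameSiteLaxMode, false},
		{"fix: None with Secure", http.SameSiteNoneMode, true},
	}
	for _, tc := range cases {
		resp := issueCookie(tc.sameSite, tc.secure)
		fmt.Printf("%-32s %v -> %v\n", tc.label,
			resp.Header["Set-Cookie"], auditSetCookies(resp))
	}
}
```

A check like this can run in a handler test so that a `SameSite=None` session cookie without `Secure` fails before deployment.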