Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(API): do not reset the auth cookie on every request to GET /login #4459

Merged
merged 2 commits into from
Oct 27, 2022
Merged

fix(API): do not reset the auth cookie on every request to GET /login #4459

merged 2 commits into from
Oct 27, 2022

Conversation

netroy
Copy link
Member

@netroy netroy commented Oct 27, 2022

The cookie and the JWT refresh is already handled in refreshExpiringCookie middleware, which only updates the cookie 3 days before the expiration.

The middleware also uses issueCookie, which ensures that attributes like sameSite and httpOnly are correctly set on the cookie.

@netroy netroy requested a review from krynble October 27, 2022 14:44
@linear
Copy link

linear bot commented Oct 27, 2022

N8N-5133

krynble
krynble previously approved these changes Oct 27, 2022
View reviewed changes
@n8n-assistant n8n-assistant bot added core Enhancement outside /nodes-base and /editor-ui n8n team Authored by the n8n team labels Oct 27, 2022
@netroy
fix(API): do not reset the auth cookie on every request to GET /login
6e6de2c 
The cookie and the JWT refresh is already handled in `refreshExpiringCookie` middleware, which only updates the cookie 3 days before the expiration.

The middleware also uses `issueCookie`, which ensures that attributes like `sameSite` and `httpOnly` are correctly set on the cookie.
@netroy
fix the test
9beacf2
@netroy netroy force-pushed the N8N-5133-fix-cookie-samesite branch from 681fbdf to 9beacf2 Compare October 27, 2022 15:22
@netroy netroy merged commit c66929f into master Oct 27, 2022
@netroy netroy deleted the N8N-5133-fix-cookie-samesite branch October 27, 2022 15:40
@n8n-assistant n8n-assistant bot added the Upcoming Release Will be part of the upcoming release label Oct 27, 2022
@janober
Copy link
Member

janober commented Oct 28, 2022

Got released with n8n@0.200.1

@janober janober removed the Upcoming Release Will be part of the upcoming release label Oct 28, 2022
valya pushed a commit to valya/n8n that referenced this pull request Nov 8, 2022
@netroy
fix(API): do not reset the auth cookie on every request to `GET /logi…
4728663 
…n` (n8n-io#4459)

The cookie and the JWT refresh is already handled in `refreshExpiringCookie` middleware, which only updates the cookie 3 days before the expiration.

The middleware also uses `issueCookie`, which ensures that attributes like `sameSite` and `httpOnly` are correctly set on the cookie.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@krynble krynble krynble approved these changes

Assignees
No one assigned
Labels
core Enhancement outside /nodes-base and /editor-ui n8n team Authored by the n8n team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@netroy @janober @krynble