Replace passport server-side sessions with cookie session #349
@@ -13,10 +13,11 @@ KEYCLOAK_REDIRECT_URI=http://localhost:4000/auth | |||
STRIPE_PUBLIC_API_KEY=ENTER_STRIPE_PUBLIC_KEY_HERE | |||
OAUTH2_AUTH_URL=http://localhost:4444/oauth2/auth | |||
OAUTH2_TOKEN_URL=http://hydra:4444/oauth2/token | |||
HYDRA_ADMIN_URL=http://hydra:4445 |
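Review bot: HYDRA_ADMIN_URL=http://hydra:4445 points at Hydra's admin port, and since it is reported unused it should be dropped from the example env file in this PR rather than left for someone to copy into a deployment. A short comment would also help on the two OAuth URLs: OAUTH2_AUTH_URL uses localhost:4444 while OAUTH2_TOKEN_URL uses the hydra:4444 container hostname, which looks like an inconsistency unless the reader knows one is reached by the browser and the other by the server.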
Unrelated to this PR, but discovered this unused env var. It shouldn't be here anymore.
@@ -46,8 +46,8 @@ | |||
"chalk": "^2.3.2", | |||
"classnames": "^2.2.5", | |||
"cookie-parser": "^1.4.3", | |||
"cookie-session": "^2.0.0-beta.3", |
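Review bot: "cookie-session": "^2.0.0-beta.3" makes the login mechanism depend on a prerelease, and a caret range on a prerelease also admits any later 2.x release, so either pin the exact version or note in the PR why the beta is acceptable and when it moves to a stable release. Separately, cookie-session signs its cookies with configured keys, and the .env hunk above adds no variable for them; confirm where the signing keys come from so that every storefront instance shares the same ones, otherwise a cookie issued by one instance is rejected by the next.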
I also saw some errors in Snyk. I haven't looked closely, but it looks like they are from nextjs and not the addition of this package.
I tested this pretty thoroughly and I believe it's working as intended.
On develop:
- Start storefront container
- Log in
- Restart storefront container
- Refresh page and I'm no longer logged in
On this branch:
- Start storefront container
- Log in
- Restart storefront container
- Refresh page and I am still logged in
Resolves #344
Impact: major
Type: feature+bugfix
Issue
Our staging deploy of Starterkit fails to complete the OAuth flow. You either get a Forbidden error message or are not able to login.
This is believed to be caused by session management issues. The current Passport setup uses express-session, which by default stores sessions in memory, which is a problem when the app is deployed on many instances.
Solution
Make Passport use cookies to store session state (this was our previous setup before the addition of the OAuth flow). So the solution here is to update the Passport configuration to use cookies.
Testing