Fix session middleware not migrated with v4 #11777
As mentioned in #11337 the issue might've already been fixed by the Strapi team in the next release (v4.0.1).
prefix: 'strapi:sess:', | ||
ttl: 864000000, | ||
rolling: false, | ||
secretKeys: ['mySecretKey1', 'mySecretKey2'], |
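Review bot: The default `secretKeys: ['mySecretKey1', 'mySecretKey2']` on the last line of this hunk is a pair of fixed literals that every install would share unless the operator overrides them. If these keys sign the session cookie, anyone who has read this file can produce a cookie that passes the signature check. Suggest shipping no default here and failing at startup with a clear message when `secretKeys` is unset, or generating random values when the project is created. Separately, `ttl: 864000000` has no unit stated; a short comment saying what unit it is in would prevent misconfiguration.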
These really need to be auto-generated, we never did it in v3 but it's a security risk
const publicStatic = require('./public'); | ||
|
||
module.exports = { | ||
errors, | ||
ip, | ||
security, | ||
session, |
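Review bot: `session,` at the end of the exported list makes the middleware available by name, but the visible lines do not say whether it is mounted by default or has to be listed by each project. Since the PR description says the auth provider fails with "Grant: mount session middleware first" when it is absent, please document in the PR and the upgrade notes whether existing projects must add `session` to their own middleware configuration.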
This would be a breaking change, correct @alexandrebodin? It would need to be added to the default `./config/middlewares.js`?
Thank you for this PR! Also, it seems the session middleware was never used with another store than the easy and default one. What do you think @rgoupil @derrickmehaffy @alexandrebodin ?
I can confirm that alternative stores other than node-memory were not working in v3, we never properly updated that package to use the database or redis.
I didn't want to be rude but I agree that the whole session middleware could use a good refactoring. I stopped at making it work again 😅 @petersg83 please be my guest and make it pretty 😎 Figuring the other stores was educated guess work indeed. I don't think installing extra packages is bad as long as it is properly documented, that's how plugins work after all. I'm happy to have a fix for now and even happier that you guys are going to make it better!
Ahah I understand :p Thank you! Here is my PR: #11825
Sure thing! Although it will probably have to wait for tomorrow for me. edit: found some time under a rock and left a few comments! I can't test it yet though.
@petersg83 I got to test your version and it seems to be working fine with auth0 🎉🎉
I suggest adding a check with a better error message in the session middleware to avoid this unclear trace and error.
Is there any workaround for this? Or do we need to wait for a fix?
@cloakedninjas you can fix it by adding the session middleware yourself for now. The PR is being worked on, hopefully we will release a fix very soon.
Adding
Or am I misunderstanding?
You have to create a custom middleware that loads koa-session as the session middleware is not available yet (the goal of the PR).
What does it do?
Why is it needed?
The auth provider system relies on the session middleware to create and maintain user sessions.
In v4.0.0, the auth provider is broken as reported in #11337.
How to test it?
If the issue persists, then you will be met by a 400 error and the message "Grant: mount session middleware first".
Following this PR, the login provider should behave correctly and create an end-user session.
Related issue(s)/PR(s)
Related to #11337 by fixing the task "Error: Grant: mount session middleware first". Other tasks are left untouched.
Related to PR strapi/documentation#550.