Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Secure and HttpOnly flags in session cookie #118

Open
wojtekolesinski opened this issue Jul 27, 2023 · 2 comments · May be fixed by #119
Open

Support Secure and HttpOnly flags in session cookie #118

wojtekolesinski opened this issue Jul 27, 2023 · 2 comments · May be fixed by #119
Labels
enhancement New feature or request

Comments

@wojtekolesinski
Copy link

Is this a bug report or feature request?

  • Feature Request

What should the feature do:

Allow the user to add the Secure and HttpOnly flags to session cookie. It can be configured the same way, as the SameSite attribute.

What is use case behind this feature:

These attributes allow developers to further secure the cookies. See mozilla docs below:
Restrict access to cookies
Cookie security

Additional Information:
@wojtekolesinski wojtekolesinski added the enhancement New feature or request label Jul 27, 2023
@edwardzjl
Copy link
Contributor

Currently the logout endpoint requires authservice_session been carried in the Header. (I don't know why)

To enable HttpOnly we need to change the logout endpoint first.

@wojtekolesinski
Copy link
Author

wojtekolesinski commented Jul 27, 2023
edited
Loading

Is there any reason we are using SessionFromID instead of SessionFromRequest in the logout function? I see, that the second method uses the first one under the hood, so maybe it could be a drop in replacement

@wojtekolesinski wojtekolesinski linked a pull request Aug 2, 2023 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Feature/cookie flags wojtekolesinski/oidc-authservice
2 participants
@edwardzjl @wojtekolesinski