fix: use opsession instead of session as cookie name (#177)

To prevent collision with OFF
openfoodfacts · Jan 31, 2024 · dfd3e6a · dfd3e6a
1 parent ab33fc2
commit dfd3e6a
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/app/api.py b/app/api.py
@@ -221,7 +221,7 @@ def authentication(
             # Don't add httponly=True or secure=True as it's still in
             # development phase, but it should be added once the front-end
             # is ready
-            response.set_cookie(key="session", value=token)
+            response.set_cookie(key="opsession", value=token)
         return {"access_token": token, "token_type": "bearer"}
     elif r.status_code == 403:
         time.sleep(2)  # prevents brute-force

diff --git a/app/auth.py b/app/auth.py
@@ -33,7 +33,7 @@ def __init__(
 
     async def __call__(self, request: Request) -> Optional[str]:
         authorization = request.headers.get("Authorization")
-        session_cookie = request.cookies.get("session")
+        session_cookie = request.cookies.get("opsession")
         scheme, param = get_authorization_scheme_param(authorization)
 
         # If a session cookie is present, use that instead of the