handle multiple cookies sent from a browser #39431
Pinging @elastic/kibana-platform
💔 Build Failed
💚 Build Succeeded
LGTM
public async get(): Promise<T | null> { | ||
try { | ||
return await this.server.auth.test('security-cookie', this.request as Request); | ||
const session = await this.server.auth.test('security-cookie', this.request); |
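Review bot: In `get()`, the result of `this.server.auth.test('security-cookie', this.request)` is now held in `session` instead of being returned, and the excerpt ends before showing what is done with it. Callers only see `Promise<T | null>`, so add a short doc comment on `get()` stating what it returns when the browser sent several cookies with the same name, and cover that path with a unit test. The `as Request` cast on `this.request` is also dropped here; confirm the field's declared type makes it unnecessary rather than widening the type elsewhere.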
Should this string be pulled from a shared constant?
Don't think so.
- Strategy name is declared in the same file: `server.auth.strategy('security-cookie', 'cookie', {` This knowledge shouldn't leak outside.
- I believe that shared constant won't exist in the New platform. They are always a part of a domain and should be passed accordingly, with declaring direct dependencies.
@@ -221,6 +223,7 @@ export class HttpServer { | |||
this.authRegistered = true; | |||
|
|||
const sessionStorageFactory = await createCookieSessionStorageFactory<T>( | |||
this.logger.get('http', 'server', this.name, 'cookie-session-storage'), |
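Review bot: The logger created with `this.logger.get('http', 'server', this.name, 'cookie-session-storage')` is handed to the code that reads session cookies, so anything it writes sits next to credential material. Add a comment at this call site or in `createCookieSessionStorageFactory` stating that messages through this logger must never include the cookie value or the decoded session, only counts or reasons.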
It'd be kinda nice if the `Logger` interface had a `get` function for creating sub-loggers:
const httpLog = loggerFactory.get('http', 'server')
const cookieSessionStorageLog = httpLog.get('cookie-session-storage')
But that's a change for another day...
I also was surprised that `Logger` doesn't provide this functionality. Created issue #39695
💔 Build Failed
retest
💔 Build Failed
retest
💚 Build Succeeded
Summary
Support a case for `ScopedCookieSessionStorage` when browser sends multiple cookies with the same name. Based on the current implementation https://github.com/restrry/kibana/blob/e4f538df0a048b469eb1189c34484cf8699944a6/x-pack/legacy/plugins/security/server/lib/authentication/session.ts#L59
Checklist
Use strikethroughs to remove checklist items you don't feel are applicable to this PR.
- [ ] This was checked for cross-browser compatibility, including a check against IE11
- [ ] Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
- [ ] Documentation was added for features that require explanation or tutorials
- [ ] This was checked for keyboard-only and screenreader accessibility
For maintainers
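The case named in the summary, a browser sending several cookies with the same name, shown as an added TypeScript example that is not code from this PR or from Kibana. `lookupCookie`, `readSession`, the cookie name `sid`, the JSON decoder and the policy of treating duplicates as "no session" are all assumptions made for illustration.

```typescript
// Added example; every name below is hypothetical, none is Kibana's API.
type CookieLookup =
  | { kind: 'none' }
  | { kind: 'single'; value: string }
  | { kind: 'ambiguous'; count: number };

// Count the pairs sent under `name` in a raw Cookie request header. The header
// carries no Path or Domain, so two same-named pairs cannot be told apart.
function lookupCookie(header: string | undefined, name: string): CookieLookup {
  let count = 0;
  let value = '';
  for (const pair of (header ?? '').split(';')) {
    const eq = pair.indexOf('=');
    if (eq === -1 || pair.slice(0, eq).trim() !== name) continue;
    count += 1;
    value = pair.slice(eq + 1).trim();
  }
  if (count === 0) return { kind: 'none' };
  if (count === 1) return { kind: 'single', value };
  return { kind: 'ambiguous', count };
}

// Assumed policy: more than one session cookie means no session at all,
// rather than trusting whichever copy happens to come first or last.
function readSession<T>(
  header: string | undefined,
  name: string,
  decode: (raw: string) => T, // stands in for real decryption and validation
  warn: (message: string) => void
): T | null {
  const found = lookupCookie(header, name);
  if (found.kind === 'none') return null;
  if (found.kind === 'ambiguous') {
    // Log the count only, never the cookie values.
    warn(`Found ${found.count} "${name}" cookies, expected 1; session ignored`);
    return null;
  }
  try {
    return decode(found.value);
  } catch {
    return null; // an undecodable cookie is treated as absent
  }
}

// Constructed sample headers and a constructed decoder.
const ONE_COOKIE = 'theme=dark; sid=%7B%22user%22%3A%22alice%22%7D';
const TWO_COOKIES = 'sid=%7B%22user%22%3A%22alice%22%7D; sid=%7B%22user%22%3A%22mallory%22%7D';
const decodeJson = (raw: string) => JSON.parse(decodeURIComponent(raw)) as { user: string };
```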