Put the state and nonce into the session store instead of using a cookie #69
Comments
cfryanr
added a commit
that referenced
this issue
Feb 25, 2020
- Removes two configuration options that are no longer needed: `cryptor_secret` and `timeout` - Removes the cookie encryption code and related helpers - Does not set or delete the state cookie anymore - Adds the state and nonce values to the session store - Renamed the SessionIdGenerator to SessionStringGenerator because it now also generates state and nonce values [Issue #69] Signed-off-by: Andrew Chang <anchang@pivotal.io>
cfryanr
pushed a commit
that referenced
this issue
Feb 26, 2020
- Remove an unused include in in_memory_session_store_test.cc - Add a new target in the Makefile to help run focused tests from the command line [Issue #69] Signed-off-by: Ryan Richard <rrichard@pivotal.io>
nacx
added a commit
to nacx/authservice
that referenced
this issue
Mar 11, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This will simplify the code and will remove the need for the cryptor_secret configuration option.
It will also make the authservice compatible with any version of Istio/envoy, even versions from before the Set-Cookie bug that we fixed (that fix was first included in Istio 1.5).
The text was updated successfully, but these errors were encountered: