From e3faf56fab29025e7a3ec8dd590d9629dd4f832e Mon Sep 17 00:00:00 2001
From: Alexander Adler
Date: Wed, 30 Oct 2024 10:23:35 +0100
Subject: [PATCH 1/2] fix: admit longer session cookies by using a larger store

---
 server/src/api/login.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/server/src/api/login.go b/server/src/api/login.go
index 0c163b3641..940d0ceb6b 100644
--- a/server/src/api/login.go
+++ b/server/src/api/login.go
@@ -4,6 +4,7 @@ import (
 "fmt"
 "math"
 "net/http"
+ "os"
 "strings"
 "time"

@@ -11,6 +12,7 @@ import (
 "scrumlr.io/server/logger"

 "github.com/go-chi/render"
+ "github.com/gorilla/sessions"
 "github.com/markbates/goth/gothic"
 "scrumlr.io/server/common/dto"
 "scrumlr.io/server/database/types"
@@ -72,6 +74,9 @@ func (s *Server) logout(w http.ResponseWriter, r *http.Request) {

 // beginAuthProviderVerification will redirect the user to the specified auth provider consent page
 func (s *Server) beginAuthProviderVerification(w http.ResponseWriter, r *http.Request) {
+ store := sessions.NewFilesystemStore(os.TempDir(), []byte("scrumlr.io"))
+ store.MaxLength(1e9)
+ gothic.Store = store
 gothic.BeginAuthHandler(w, r)
 }

From 1723cc6cacb100f647c2af1f77c898861e6c3f64 Mon Sep 17 00:00:00 2001
From: Alexander Adler
Date: Mon, 4 Nov 2024 09:09:57 +0100
Subject: [PATCH 2/2] change maximum length to 32k

---
 server/src/api/login.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/src/api/login.go b/server/src/api/login.go
index 940d0ceb6b..a410fbb75b 100644
--- a/server/src/api/login.go
+++ b/server/src/api/login.go
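Review bot: The key passed to `sessions.NewFilesystemStore` in `beginAuthProviderVerification` (third hunk of PATCH 1/2) is the literal `[]byte("scrumlr.io")`, so the secret that authenticates the session cookie is published in the repository and identical on every deployment; a cookie signed with it will be accepted as genuine by any instance. Read a random secret from configuration at startup instead, e.g. `store := sessions.NewFilesystemStore(os.TempDir(), sessionKey)`, where `sessionKey` is a placeholder for that loaded value. The same lines reassign the package-level `gothic.Store` on every request, which is an unsynchronised write under concurrent logins and leaves whichever handler completes the provider flow (not visible here) on the previous store until this handler has run once; building the store once during server setup would avoid both. The hunk in PATCH 2/2 only changes the length limit and keeps the literal key and the per-request assignment.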
@@ -75,7 +75,7 @@ func (s *Server) logout(w http.ResponseWriter, r *http.Request) {
 // beginAuthProviderVerification will redirect the user to the specified auth provider consent page
 func (s *Server) beginAuthProviderVerification(w http.ResponseWriter, r *http.Request) {
 store := sessions.NewFilesystemStore(os.TempDir(), []byte("scrumlr.io"))
- store.MaxLength(1e9)
+ store.MaxLength(0x8000)
 gothic.Store = store
 gothic.BeginAuthHandler(w, r)
 }
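Review bot: `store.MaxLength(0x8000)` states the limit as a bare hex literal, and nothing in the function says why 32 KiB is the right bound for the session written during provider login. A named constant with a short comment would make the choice reviewable, e.g. `const maxAuthSessionBytes = 32 << 10 // upper bound for the session stored during provider login`. The session files still go to `os.TempDir()`, which is normally shared with other processes and local to one instance; a dedicated directory with restricted permissions looks safer, and a multi-instance deployment would presumably need the provider callback to reach the instance that wrote the file, which is worth confirming against how the server is run.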