We should cleanup unused cookies when switching between chunked and unchunked #303

Merged Feb 23, 2021 (6 commits)

adamjmcgrath commented Feb 18, 2021

Description

If the size of the session grows from <4096 Bytes to >4096 Bytes, the middleware will create new appSession.0 ..., appSession.n chunked cookies.

But it will not remove the original single appSession, and since the cookie-store prefers appSession, it will continue to read the stale single cookie rather than the updated chunked cookies.

References

fixes #289

Testing

  • Log in with a small session (e.g. database user with no custom claims)

  • Observe that you have a single appSession cookie

  • Hit some middleware that adds a large value to your session (making the session > 4096 Bytes)

  • Observe that you have new appSession.0 and appSession.1 cookies - you should not have the appSession cookie

  • You should be able to read the value of the new property on subsequent requests

  • This change adds test coverage for new/changed/fixed functionality

Checklist

  • I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used, if not main
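
The stale-cookie behaviour described in this PR, modelled as an added example that is not the nextjs-auth0 code. `readSession`, `writeSession`, `applyResponse` and `demo` are hypothetical names, the session values are constructed, and the 4096 limit is applied to the value length only as a simplification.

```javascript
const NAME = 'appSession'; // cookie name from the PR description
const CHUNK = 4096;        // assumption: limit applied to the value only

// Read side: a single `appSession` cookie wins over `appSession.N` chunks.
function readSession(cookies) {
  if (NAME in cookies) return cookies[NAME];
  let value = '';
  for (let i = 0; `${NAME}.${i}` in cookies; i++) value += cookies[`${NAME}.${i}`];
  return value || undefined;
}

// Write side: decide which cookies to set and, when `cleanup` is on,
// which session cookies from the request are now unused and must be expired.
function writeSession(value, cookies, cleanup) {
  const set = {};
  if (value.length <= CHUNK) {
    set[NAME] = value;
  } else {
    for (let i = 0, off = 0; off < value.length; i++, off += CHUNK) {
      set[`${NAME}.${i}`] = value.slice(off, off + CHUNK);
    }
  }
  const ours = (k) => k === NAME || k.startsWith(`${NAME}.`);
  const clear = cleanup ? Object.keys(cookies).filter((k) => ours(k) && !(k in set)) : [];
  return { set, clear };
}

// Model of the browser applying the response's Set-Cookie headers to its jar.
function applyResponse(cookies, { set, clear }) {
  const jar = { ...cookies, ...set };
  for (const k of clear) delete jar[k];
  return jar;
}

// Write each session value in turn, then report what the next request would see.
function demo(values, cleanup) {
  let jar = {};
  for (const v of values) jar = applyResponse(jar, writeSession(v, jar, cleanup));
  const last = values[values.length - 1];
  return { names: Object.keys(jar).sort().join(','), fresh: readSession(jar) === last };
}

const small = 'small-session';  // constructed sample value
const big = 'x'.repeat(5000);   // constructed value larger than one chunk
console.log(demo([small, big], false)); // without cleanup: stale appSession is read
console.log(demo([small, big], true));  // with cleanup: chunks are read
```
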

adamjmcgrath added the review:medium label Feb 18, 2021
adamjmcgrath requested a review from a team as a code owner February 18, 2021 12:46
adamjmcgrath merged commit c485044 into main Feb 23, 2021
adamjmcgrath deleted the cookie-cleanup branch February 23, 2021 11:26
adamjmcgrath mentioned this pull request Feb 24, 2021
Successfully merging this pull request may close these issues.

Reducing cookie size