IvanChalukov
Contributor

Changes proposed by this PR

This PR addresses the issue where logging in through the browser UI via fly login would invalidate the existing browser session. The solution ensures that existing sessions remain active after the login process, preventing users from being logged out unexpectedly.

closes #8868

  • update parsing of csrf_token to Elm app

Notes to reviewer

The implementation enhances the process of sending the csrf_token to the Elm app, which then forwards the token to the web server. Previously, the value sent in the X-Csrf-Token header was enclosed in quotes, like this:

X-Csrf-Token: "redacted"

This caused an error when comparing the CSRF token from the cookie and the header in the web server.
After the change, the X-Csrf-Token header now looks like:

X-Csrf-Token: redacted

This adjustment ensures that the server can properly validate the token.

Release Note

  • Fix: Corrected CSRF token header format for proper validation.
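
The mismatch described in the notes above, as an added illustration that is not code from this PR or from Concourse: a strict header-versus-session token check treats the quoted value as a different string. The middleware name, the `lookup` function, the request path and the token value are all hypothetical.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// csrfHeader is the header named in the PR description.
const csrfHeader = "X-Csrf-Token"

// requireCSRF is a hypothetical middleware. lookup stands in for however the
// server recovers the expected token from the session cookie (assumption).
func requireCSRF(lookup func(*http.Request) string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		expected := lookup(r)
		got := r.Header.Get(csrfHeader)
		// Exact, constant-time comparison. A header value wrapped in quotes is a
		// different string, so it is rejected rather than silently unquoted.
		if expected == "" || subtle.ConstantTimeCompare([]byte(got), []byte(expected)) != 1 {
			http.Error(w, "CSRF token mismatch", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one state-changing request carrying headerValue and returns
// the status code the middleware produced for a session holding sessionToken.
func statusFor(sessionToken, headerValue string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusNoContent)
	})
	h := requireCSRF(func(*http.Request) string { return sessionToken }, ok)
	req := httptest.NewRequest(http.MethodPut, "/constructed/path", nil)
	req.Header.Set(csrfHeader, headerValue)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	token := "constructed-token-value" // constructed sample, not a real token
	fmt.Println("quoted header:", statusFor(token, `"`+token+`"`)) // 403
	fmt.Println("bare header:  ", statusFor(token, token))         // 204
}
```

Keeping the comparison strict and fixing the client's encoding, as this PR does, avoids teaching the server to normalize attacker-influenced header values.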

@IvanChalukov IvanChalukov requested a review from a team as a code owner March 12, 2025 16:47
Signed-off-by: IvanChalukov <ichalukov@gmail.com>
@taylorsilva
Member

This was next on my list of bugs to fix after v7.13.0 was out. Glad you beat me to it!

Member

@taylorsilva taylorsilva left a comment

Gotta love these one-liner changes.

I verified this resolves the issue. When I do fly login now, any other tabs I was logged into aren't suddenly logged out.

@taylorsilva taylorsilva merged commit 05fce13 into concourse:master Mar 12, 2025
12 checks passed
@IvanChalukov
Contributor Author

I'm more than happy to help! I have to admit, that one was tricky!

@geofffranks

@IvanChalukov you're my hero ❤️

☆。 ★。 ☆ ★
。☆ 。☆。☆
★。\|/。★
SUPERFAVE
★。/|\。★
。 ☆。☆。☆
☆。 ★。 ☆ ★

Successfully merging this pull request may close these issues.

Fly login through browser UI will "invalidate" existing browser session