-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow setting the path for the cookie signer. #24
Comments
Yes, I can see that this is an issue with the Nonetheless, you still can create your own cookie using the value provided from Something like this should work for you: let token = token_signer.create_signed_token(claims, token_lifetime)?;
let cookie = Cookie::build("access_token".to_string(), token)
.path("/")
.secure(true)
.finish(); The Maybe it would be better to just return a builder that allows you to set further options on the cookie. |
I found that your workaround only partially addresses my issue. My goal is to enable users to log in and gain full access to the /app/ directory. I want to allow cookies to refresh properly. When a user refreshes the page at /app/foo, the new access cookie is set with the path /app/foo, which causes problems as it cannot be overwritten through a new login process. I have no idea about to modify the cookie gotten from |
I had the same problem with access_token refreshing. I propose to add a method to TokenSigner builder, that would accept closure with CookieBuilder parameter. PR #26 This would allow us to set Path and other settings. |
Currently, there is no explicit way of setting the designated path for the returned cookie pair, resulting in the cookie not being recognized by browsers.
Reproduction steps:
Have the following API layout, using the simple example:
/v1/auth/login
/v1/api/hello
Define the App with
Retrieve the login cookie from
/auth/login
Try to access
/v1/api/hello
As you can see,
hello
will report unauthorized, as the cookie path has been set to/v1/auth
, which doesn't cover theapi
route.The text was updated successfully, but these errors were encountered: