From fcd52e042e05ca5ac68ca8a858931b820f8dae06 Mon Sep 17 00:00:00 2001
From: Joel Speed
Date: Fri, 10 Apr 2020 14:25:23 +0100
Subject: [PATCH] Warn users when session cookies are split
---
 CHANGELOG.md | 1 +
 pkg/sessions/cookie/session_store.go | 2 ++
 2 files changed, 3 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 727d7c2a..2a4bf5ed 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -35,6 +35,7 @@
 - [#462](https://github.com/oauth2-proxy/oauth2-proxy/pull/462) Allow HTML in banner message (@eritikass).
 - [#412](https://github.com/pusher/oauth2_proxy/pull/412) Allow multiple cookie domains to be specified (@edahlseng)
 - [#413](https://github.com/oauth2-proxy/oauth2-proxy/pull/413) Add -set-basic-auth param to set the Basic Authorization header for upstreams (@morarucostel).
+- [#483](https://github.com/oauth2-proxy/oauth2-proxy/pull/483) Warn users when session cookies are split (@JoelSpeed)
 # v5.1.0
diff --git a/pkg/sessions/cookie/session_store.go b/pkg/sessions/cookie/session_store.go
index 6698edbe..727f915b 100644
--- a/pkg/sessions/cookie/session_store.go
+++ b/pkg/sessions/cookie/session_store.go
@@ -12,6 +12,7 @@ import (
 "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
 "github.com/oauth2-proxy/oauth2-proxy/pkg/cookies"
 "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption"
+ "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
 "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/utils"
 )
@@ -129,6 +130,7 @@ func NewCookieSessionStore(opts *options.SessionOptions, cookieOpts *options.Coo
 // it into a slice of cookies which fit within the 4kb cookie limit indexing
 // the cookies from 0
 func splitCookie(c *http.Cookie) []*http.Cookie {
+ logger.Printf("WARNING: Multiple cookies are required for this session as it exceeds the 4kb cookie limit. Please use server side session storage (eg. Redis) instead.")
 if len(c.Value) < maxCookieLength {
 return []*http.Cookie{c}
 }
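Review bot: The added `logger.Printf("WARNING: Multiple cookies are required ...")` in `splitCookie` sits above the `if len(c.Value) < maxCookieLength` early return, so it fires on every call, including when the cookie fits and is returned unsplit. That makes the message wrong for the common case, and the resulting log noise hides the sessions that really are oversized. Move the call to just after the closing `}` of that early-return block, so it is reached only on the path that actually splits the value. The rest of `splitCookie` lies outside this hunk, so check that the warning then lands before the splitting loop and is logged once per call, not once per chunk.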