Session-Cookie Support (#1713)

* Create session cookie when cookie-expire set 0 * Fix format * add test * fix lint error * fix test code * fix conflicted test case * update test case of cookie expiration * update tests of csrf cookies * update docs * Update docs/docs/configuration/overview.md Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> --------- Co-authored-by: tanuki884 <morkazuk@fsi.co.jp> Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2025-12-01 22:51:45 +02:00 · 2023-08-16 20:23:02 +09:00
parent d9416c3630
commit d107d885e4
11 changed files with 137 additions and 7 deletions
--- a/docs/docs/configuration/overview.md
+++ b/docs/docs/configuration/overview.md
@@ -88,7 +88,7 @@ An example [oauth2-proxy.cfg](https://github.com/oauth2-proxy/oauth2-proxy/blob/
 | `--code-challenge-method` | string | use PKCE code challenges with the specified method. Either 'plain' or 'S256' (recommended) | |
 | `--config` | string | path to config file | |
 | `--cookie-domain` | string \| list | Optional cookie domains to force cookies to (e.g. `.yourcompany.com`). The longest domain matching the request's host will be used (or the shortest cookie domain if there is no match). | |
-| `--cookie-expire` | duration | expire timeframe for cookie | 168h0m0s |
+| `--cookie-expire` | duration | expire timeframe for cookie. If set to 0, cookie becomes a session-cookie which will expire when the browser is closed. | 168h0m0s |
 | `--cookie-httponly` | bool | set HttpOnly cookie flag | true |
 | `--cookie-name` | string | the name of the cookie that the oauth_proxy creates. Should be changed to use a [cookie prefix](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#cookie_prefixes) (`__Host-` or `__Secure-`) if `--cookie-secure` is set. | `"_oauth2_proxy"` |
 | `--cookie-path` | string | an optional cookie path to force cookies to (e.g. `/poc/`) | `"/"` |