public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #757 from ManoManoTech/doc/cookieSession 

Doc: cookie-secret is a mandatory field for cookie session
This commit is contained in:
Joel Speed 2020-09-04 15:30:47 +01:00 committed by GitHub
parent e4e5580852 0eb0024e87
commit ef08d01b98
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/configuration/sessions.md
View File

@ -29,7 +29,7 @@ side cookies and transferred with each and every request.
The following should be known when using this implementation: The following should be known when using this implementation:
- Since all state is stored client side, this storage backend means that the OAuth2 Proxy is completely stateless - Since all state is stored client side, this storage backend means that the OAuth2 Proxy is completely stateless
- Cookies are signed server side to prevent modification client-side - Cookies are signed server side to prevent modification client-side
- It is recommended to set a `cookie-secret` which will ensure data is encrypted within the cookie data. - It is mandatory to set a `cookie-secret` which will ensure data is encrypted within the cookie data.
- Since multiple requests can be made concurrently to the OAuth2 Proxy, this session implementation - Since multiple requests can be made concurrently to the OAuth2 Proxy, this session implementation
cannot lock sessions and while updating and refreshing sessions, there can be conflicts which force cannot lock sessions and while updating and refreshing sessions, there can be conflicts which force
users to re-authenticate users to re-authenticate