Maya requested your review on PR #284 · Improve authentication session handling
 ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏ ‌​‍‎‏

Branchbase

code hosting · reviews

Review requested

Maya

Maya requested your review

Hi Aaryan — your feedback is needed before merge.

Improve authentication session handling

#284 · northstar/web-app

Branches

fix/session-ttlmain

Labels

securityready for review

Description

Extends session TTL, regenerates session IDs on privilege change, and hardens cookie flags for auth middleware. No API contract changes.

Reviewers

Aaryan · requested|Leo · approved|Priya · pending

+69 −29 · 3 files changed · opened 2 hours ago

Changed files

src/auth/session.ts

+42 −18

src/middleware/auth.ts

+15 −8

src/types/session.d.ts

+12 −3

Diff · session.ts

regenerateSessionId · setCookieFlags

@@ -48,7 +48,12 @@ export function createSession

48 const userId = ctx.user.id;
49const sessionTTL = 3600;
49+const sessionTTL = 60 * 60 * 24;
50+await regenerateSessionId(ctx);
50secure: process.env.NODE_ENV === 'production',
51+secure: true, sameSite: 'lax', httpOnly: true,
52 return bindSession(userId, sessionTTL);
Review pull request

northstar/web-app · pull/284

You received this email because you are a collaborator on northstar/web-app and were requested as a reviewer.

Manage notification preferences · Unsubscribe

Branchbase, Inc. · 548 Market St, PMB 48291 · San Francisco, CA 94104