If a cookie is signed for one purpose, but the server also uses a differently named signed cookie for another purpose, then it's possible for a malicious client to substitute the value of one signed cookie with the value of another and have it pass the signature check. Include the name of the cookie when computing the signature so that no cookie signed for, for example, "user_session" can be used as the value of a hypothetical "admin_session" cookie.
- schedule.ts
- session.ts
- signed-cookie.ts
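The substitution described above, as an added example that is not the project's own signed-cookie code: a value-only HMAC scheme accepts a "user_session" tag presented as "admin_session", while a scheme that binds the cookie name into the MAC rejects it. The key and cookie values are constructed for the demo.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Constructed demo key; a real deployment loads a random secret from config.
export const DEMO_KEY = Buffer.from("constructed-demo-key-not-for-production");

function tag(key: Buffer, data: string): string {
  return createHmac("sha256", key).update(data).digest("base64url");
}

// Split "value.tag" at the last dot (base64url never contains one) and compare
// the tag in constant time. Returns the value on success, null otherwise.
function check(key: Buffer, cookie: string, macInput: (value: string) => string): string | null {
  const dot = cookie.lastIndexOf(".");
  if (dot < 0) return null;
  const value = cookie.slice(0, dot);
  const got = Buffer.from(cookie.slice(dot + 1));
  const want = Buffer.from(tag(key, macInput(value)));
  if (got.length !== want.length) return null;
  return timingSafeEqual(got, want) ? value : null;
}

// Weak scheme (the bug): the MAC covers only the value, so the cookie name
// plays no part in verification and any signed value fits any cookie.
export function signValueOnly(key: Buffer, value: string): string {
  return `${value}.${tag(key, value)}`;
}
export function verifyValueOnly(key: Buffer, _name: string, cookie: string): string | null {
  return check(key, cookie, (v) => v);
}

// Fixed scheme: the MAC covers the cookie name and the value. Length-prefixing
// the name keeps the encoding unambiguous (no ("ab","c") vs ("a","bc") collision).
function bound(name: string, value: string): string {
  return `${name.length}:${name}:${value}`;
}
export function signNamed(key: Buffer, name: string, value: string): string {
  return `${value}.${tag(key, bound(name, value))}`;
}
export function verifyNamed(key: Buffer, name: string, cookie: string): string | null {
  return check(key, cookie, (v) => bound(name, v));
}

// Presents a cookie minted for "user_session" as "admin_session" under both schemes.
export function substitutionAccepted(): { weak: boolean; fixed: boolean } {
  const weak = signValueOnly(DEMO_KEY, "uid=42");
  const fixed = signNamed(DEMO_KEY, "user_session", "uid=42");
  return {
    weak: verifyValueOnly(DEMO_KEY, "admin_session", weak) !== null, // true: accepted
    fixed: verifyNamed(DEMO_KEY, "admin_session", fixed) !== null,   // false: rejected
  };
}
```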