send cookie on successful basic auth #4687

Merged
merged 1 commit into from
Jul 24, 2023

rnewson
Member

@rnewson rnewson commented Jul 21, 2023

As a way to migrate users to a strong password hashing scheme without getting a performance hit each time, assuming the client will send back the cookie we send them. We check the cookie first and avoid the hit, but we still fall back to basic auth if necessary.

h/t @glynnbird for the idea

@rnewson rnewson force-pushed the preemptive-cookie branch 2 times, most recently from 656c541 to ec12c4d Compare July 21, 2023 14:57
@big-r81
Contributor

big-r81 commented Jul 23, 2023

Don't we need to do more than just create the FullSecret, like checking the cookie?

@rnewson
Member Author

rnewson commented Jul 24, 2023

@big-r81 The PR sends a cookie, there isn't one in the request to check yet. If there was, the cookie auth handler would have done so.

@rnewson rnewson merged commit e35fb20 into main Jul 24, 2023
15 checks passed
@rnewson rnewson deleted the preemptive-cookie branch July 24, 2023 12:52
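
The flow discussed in this thread (check the cookie first, fall back to basic auth, and send a cookie when basic auth succeeds), sketched as an added Python example. It is not code from this PR or from the project; the function names, the cookie layout, the PBKDF2 parameters and the timeout are assumptions made for illustration.

```python
import base64, hashlib, hmac, os

SERVER_SECRET = os.urandom(32)   # assumption: server-side cookie signing secret
ITERATIONS = 200_000             # assumed work factor for the strong hash
TIMEOUT = 600                    # assumed cookie lifetime in seconds
STATS = {"pbkdf2_calls": 0}      # counts how often the expensive path runs

def slow_hash(password, salt):
    STATS["pbkdf2_calls"] += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password):
    salt = os.urandom(16)
    return {"salt": salt, "derived": slow_hash(password, salt)}

def _mac(name, ts, salt):
    # The key mixes the server secret with the user's salt, so a password
    # change (new salt) invalidates cookies issued before it.
    msg = f"{name}:{ts:x}".encode()
    return hmac.new(SERVER_SECRET + salt, msg, hashlib.sha256).hexdigest()

def issue_cookie(name, user, now):
    raw = f"{name}:{now:x}:{_mac(name, now, user['salt'])}"
    return base64.urlsafe_b64encode(raw.encode()).decode()

def check_cookie(cookie, users, now):
    try:
        raw = base64.urlsafe_b64decode(cookie).decode()
        name, ts_hex, mac = raw.rsplit(":", 2)
        ts = int(ts_hex, 16)
    except ValueError:           # bad base64, bad UTF-8, wrong field count
        return None
    user = users.get(name)
    if user is None or not 0 <= now - ts <= TIMEOUT:
        return None
    ok = hmac.compare_digest(mac, _mac(name, ts, user["salt"]))
    return name if ok else None

def handle(users, now, cookie=None, basic=None):
    """Return (authenticated name or None, Set-Cookie value or None)."""
    if cookie:                   # cheap path: one HMAC, no password hashing
        name = check_cookie(cookie, users, now)
        if name:
            return name, None
    if basic:                    # fallback: pay for the strong hash once
        name, password = basic
        user = users.get(name)
        if user and hmac.compare_digest(
                slow_hash(password, user["salt"]), user["derived"]):
            return name, issue_cookie(name, user, now)
    return None, None
```

A client that returns the cookie alongside its basic auth header triggers the expensive hash only on the first request and again after the cookie expires.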