[Bug] API Calls Continue with Expired connect.sid Cookie #991

Closed
1 task done
Divinelink opened this issue Oct 2, 2024 · 2 comments · Fixed by #992
Labels: bug (Something isn't working), confirmed (This bug has been reproduced), released

Comments

@Divinelink

Divinelink commented Oct 2, 2024

Description

I'm using the jellyseerr API to make some API calls from my mobile app that I'm building.

Using my Jellyfin credentials, /auth/local generates an authentication cookie that has an expiration date. However, even when the expiration date passes, I'm still able to successfully make API calls without getting any unauthorised/expired session error.

The server should be responsible for validating the session cookie (connect.sid) and blocking or rejecting API calls when the session has expired. Handling this on the frontend would be a workaround, but the correct approach is to fix it at the server level to ensure proper security and session management.

Version

1.9.2

Steps to Reproduce

Make any API calls using an expired connect.sid auth cookie.

Screenshots

No response

Logs

No response

Platform

desktop

Device

This is not relevant

Operating System

This is not relevant

Browser

This is not relevant

Additional Context

No response

Code of Conduct

  • I agree to follow Jellyseerr's Code of Conduct
Divinelink added the "awaiting triage" and "bug" labels Oct 2, 2024
gauthier-th added the "confirmed" label and removed the "awaiting triage" label Oct 2, 2024
gauthier-th added a commit that referenced this issue Oct 2, 2024
The time-to-live (TTL) of cookies stored in the database was incorrect because the connect-typeorm
library takes a TTL in seconds and not milliseconds, making cookies valid for ~82 years instead of
30 days.

fix #991
@Divinelink
Author

Impressive bug fix turnaround! 🙌

@fallenbagel
Owner

🎉 This issue has been resolved in version 2.0.0 🎉

The release is available on:

Your semantic-release bot 📦🚀
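
The unit mismatch named in the fix commit, as an added example that is not code from Jellyseerr or connect-typeorm. `SecondsTtlStore`, `sessionAcceptedAfter`, `ttlMatchesCookie` and the constants are hypothetical names, and the store is a simplified model that assumes expiry is computed as `now + ttl * 1000`; only the 30-day lifetime and the seconds-versus-milliseconds mix-up come from the commit message.

```javascript
const DAY_MS = 24 * 60 * 60 * 1000;
const COOKIE_MAX_AGE_MS = 30 * DAY_MS; // intended session lifetime: 30 days, in ms

// Simplified stand-in for a session store whose `ttl` option is in SECONDS.
// Assumption: the stored expiry is now + ttl * 1000 (model, not library code).
class SecondsTtlStore {
  constructor({ ttl }) {
    this.ttl = ttl;
    this.rows = new Map();
  }
  set(sid, session, now) {
    this.rows.set(sid, { session, expiredAt: now + this.ttl * 1000 });
  }
  // Server-side validation: an expired row is treated as "no session".
  get(sid, now) {
    const row = this.rows.get(sid);
    if (!row || row.expiredAt <= now) return null;
    return row.session;
  }
  // How long a stored session stays valid, in days.
  lifetimeDays() {
    return (this.ttl * 1000) / DAY_MS;
  }
}

// Logs in at a constructed timestamp, then replays the same session id
// `daysLater` days afterwards and reports whether the server still accepts it.
function sessionAcceptedAfter(store, daysLater) {
  const loginAt = Date.UTC(2024, 9, 2); // constructed sample time
  store.set('sid-demo', { userId: 1 }, loginAt);
  return store.get('sid-demo', loginAt + daysLater * DAY_MS) !== null;
}

// Guard for startup code or a unit test: the store TTL (seconds) must
// describe the same duration as the cookie maxAge (milliseconds).
function ttlMatchesCookie(storeTtlSeconds, cookieMaxAgeMs) {
  return storeTtlSeconds * 1000 === cookieMaxAgeMs;
}

const buggy = new SecondsTtlStore({ ttl: COOKIE_MAX_AGE_MS });        // ms passed as seconds
const fixed = new SecondsTtlStore({ ttl: COOKIE_MAX_AGE_MS / 1000 }); // converted to seconds

console.log('buggy store lifetime (years):', (buggy.lifetimeDays() / 365).toFixed(1));
console.log('buggy accepts session on day 31:', sessionAcceptedAfter(buggy, 31));
console.log('fixed accepts session on day 31:', sessionAcceptedAfter(fixed, 31));
console.log('buggy config passes guard:', ttlMatchesCookie(buggy.ttl, COOKIE_MAX_AGE_MS));
```

The browser drops the cookie after 30 days on its own, so the mismatch only shows when a non-browser client keeps sending the old session id, which is the situation described in the report.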

bonswouar pushed a commit to bonswouar/jellyseerr that referenced this issue Nov 10, 2024
thibodelanghe pushed a commit to thibodelanghe/jellyseerr that referenced this issue Dec 18, 2024