external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-09 15:40:18 +00:00
Code Issues Releases Wiki Activity

Fixed for HTTP session with reverse proxies.

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2021-04-14 00:09:00 -07:00
parent c74a207606
commit 24cfc89522
3 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
webserver.js
View file

@ -5153,7 +5153,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
name: 'xid', // Recommended security practice to not use the default cookie name
httpOnly: true,
keys: [obj.args.sessionkey], // If multiple instances of this server are behind a load-balancer, this secret must be the same for all instances
secure: true // Use this cookie only over TLS (Check this: https://expressjs.com/en/guide/behind-proxies.html)
secure: (obj.args.tlsoffload == null) // Use this cookie only over TLS (Check this: https://expressjs.com/en/guide/behind-proxies.html)
}
if (obj.args.sessionsamesite != null) { sessionOptions.sameSite = obj.args.sessionsamesite; } else { sessionOptions.sameSite = 'strict'; }
if (obj.args.sessiontime != null) { sessionOptions.maxAge = (obj.args.sessiontime * 60 * 1000); }