Fix cookie name in passcode handler #1625
Conversation
uses configured cookie name in passcode handler
| @@ -453,7 +452,7 @@ func (h *PasscodeHandler) Finish(c echo.Context) error { | |||
|
|
|||
| func (h *PasscodeHandler) GetSessionToken(c echo.Context) jwt.Token { | |||
| var token jwt.Token | |||
| sessionCookie, _ := c.Cookie("hanko") | |||
| sessionCookie, _ := c.Cookie(h.cfg.Session.Cookie.GetName()) | |||
There was a problem hiding this comment.
@FreddyDevelop how can we handle the errors here? all errors in GetSessionToken are ignored. They should be logged at least. What is the best way to get a logger instance here?
That would have helped to faster find that bug, because the accessed cookie doesn't exist.
There was a problem hiding this comment.
We do not log the error, that a cookie is missing, because the session token can also be send within the Authorization header and when the error gets logged then we would clutter the logs with unnecessary messages.
Only solution to that would be to log that errors only when no token can be returned. You can use zerolog for the logging. An example can be found at:
hanko/backend/handler/passcode.go
Line 234 in 579cef3
loeffert
changed the title
Description
Use configured cookie name in passcode handler. Fixes #1624