BookStack icon indicating copy to clipboard operation
BookStack copied to clipboard
verified publisher icon BookStackApp

Session Management

Open JoMo1970 opened this issue 1 year ago • 4 comments

Attempted Debugging

  • [X] I have read the debugging page

Searched GitHub Issues

  • [X] I have searched GitHub for the issue.

Describe the Scenario

Hello. I am trying to enable BookStack to accept a cookie to maintain a session. I have confirmed that I am sending a cookie to bookstack and can see it in the request headers as a cookie. However, the redirect to the app still happens back to APP_URL no matter if I pass in the cookie or not. I have set the cookie name as a passed in environment variable to the docker container running bookstack. I am sure am doing something wrong but I cannot find any direct answers on why this is happening. Thanks.

Exact BookStack Version

latest docker container

Log Content

No response

Hosting Environment

Official BookStack Docker container

JoMo1970 avatar Jun 07 '24 15:06 JoMo1970

Hi @JoMo1970, I'm really not sure what you're attempting to do here, sorry for not understanding. What's the overall setup/goal? What's led you to the point of attempting to send specific session cookies? Where are they coming from?

ssddanbrown avatar Jun 08 '24 14:06 ssddanbrown

Hello @ssddanbrown. I am trying to maintain a session with BookStack by passing in a cookie that will be within the request headers of a url that redirects to address:6875. Mind you, I am not sure 100% sure of how to make this flow work. Basically, when a user logs in to a specific web app, it is going to have a cookie available and if BookStack is pre-configured to have this cookie to be checked in BookStack, then I am wanting to keep that session open to use BookStack after a redirect from the login flow.

I am really new to BookStack so I am not if I am understanding how the session cookie is suppposed to work. I hope this makes sense. Please let me know. Thanks.

JoMo1970 avatar Jun 08 '24 14:06 JoMo1970

@JoMo1970 Session cookies are really not intended to be created or managed externally in any way. Attempting to manage/set cookies across origins is a mess anyway with various browser-level barriers. It's definately out the remit of what's supported.

Ignoring cookies, or specific technical implementation ideas, what's the overall goal here? You want to log users into BookStack after they log into a different application? If so, is the other app just there for authorization or does it do something completely different? Assuming you're attempting to code a solution, where are you running the code? On the other non-bookstack app I assume? If so, is the browser-side or server-side?

ssddanbrown avatar Jun 08 '24 15:06 ssddanbrown

@ssddanbrown - yes, the goal is to log users into bookstack after they have logged into another application and then that user tries to open bookstack. We were originally going to create a SSO provider and then connect that to openstack but we hit a few roadblocks on the current code-base.

The bottom line objective is to basically maintain a session between bookstack and another application. I was hoping a cookie would be the easiest way to do this. Thoughts?

Fyi - bookstack will be running on a podman container seperate from the main application that logs the user in.

JoMo1970 avatar Jun 08 '24 15:06 JoMo1970

Sorry for the late response. I really could no advise attempting this via cookie sharing, it's very much not supported and prone to error. Focusing on SSO really is the proper way to go about this.

Since this thread is a little old now I'm going to go ahead and close this off.

ssddanbrown avatar Feb 25 '25 12:02 ssddanbrown