Lost information when returning errors in cookie session provider

Open zeevallin opened this issue 4 years ago • 2 comments

Heya,

I'm experiencing some issues with certain users not being able to retrieve a session and getting stuck in a redirect loop. I've narrowed it down to the default session cookie methods but realised that the error from the session decoder gets swallowed. Is this intended to streamline the API or do you think it would be possible with some better typed errors that contain this lost information?

https://github.com/crewjam/saml/blob/29c6295245bda6b40d9efb1dddaf7670ed782cb0/samlsp/session_cookie.go#L84-L99

zeevallin avatar May 21 '21 14:05 zeevallin

The issue is due to the cookie being too large. There are a few different ways to fix this.

  1. Compress the data (the data can still grow too large so this is only a stopgap)
  2. Save the attributes to a temp file and send the file name encrypted as the cookie value (doesn't work with HA and requires sticky sessions, and if the Go program is in a docker that means all sessions would go away if the docker is rebuilt)
  3. Save to a database and send the row id encrypted (more overhead due to now requiring a database)

lorodoes avatar Mar 30 '23 13:03 lorodoes
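
The failure mode discussed in this thread, as an added Go example that is not part of the original issue and is not code from crewjam/saml: it rejects an oversized session cookie at creation time and returns a typed error that keeps the underlying cause while still matching a "no session" sentinel. `SessionError`, `SetSessionCookie`, `GetSession`, the `token` cookie name, the `decode` callback and the 4096-byte threshold (the per-cookie minimum in RFC 6265) are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

const maxCookieBytes = 4096 // per-cookie size browsers should accept (RFC 6265, section 6.1)
var ErrNoSession = errors.New("no session") // hypothetical sentinel for this example

// SessionError (hypothetical) keeps the stage and cause that a bare sentinel loses.
type SessionError struct {
	Stage string
	Err   error
}
func (e *SessionError) Error() string   { return "session " + e.Stage + ": " + e.Err.Error() }
func (e *SessionError) Unwrap() error   { return e.Err }
func (e *SessionError) Is(t error) bool { return t == ErrNoSession } // errors.Is checks keep working

// SetSessionCookie refuses to emit a cookie the browser would silently discard.
func SetSessionCookie(w http.ResponseWriter, name, value string) error {
	c := &http.Cookie{Name: name, Value: value, Path: "/", HttpOnly: true, Secure: true}
	if n := len(c.String()); n > maxCookieBytes {
		return &SessionError{Stage: "create", Err: fmt.Errorf("cookie is %d bytes, limit %d", n, maxCookieBytes)}
	}
	http.SetCookie(w, c)
	return nil
}

// GetSession returns the reason a session is missing instead of discarding it.
func GetSession(r *http.Request, name string, decode func(string) (string, error)) (string, error) {
	c, err := r.Cookie(name)
	if err != nil {
		return "", &SessionError{Stage: "read", Err: err} // wraps http.ErrNoCookie
	}
	subject, err := decode(c.Value)
	if err != nil {
		return "", &SessionError{Stage: "decode", Err: err}
	}
	return subject, nil
}

func main() { // constructed oversized value: 5000 bytes
	err := SetSessionCookie(httptest.NewRecorder(), "token", strings.Repeat("a", 5000))
	fmt.Println(err, errors.Is(err, ErrNoSession))
}
```

Logging the `Stage` and wrapped cause on the redirect path distinguishes a cookie that never arrived from one that failed to decode.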

@lorodoes Yeah, I figured it out by some trial and error, forgot to post it here. Was a few years ago. :D

zeevallin avatar Apr 05 '23 09:04 zeevallin