3pp-mirror/penpot
1
0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2025-06-09 09:51:39 +02:00
Code Issues Projects Releases Packages Wiki Activity

Replace random session tokens with JWE tokens.

Browse source 
We still maintain the http session state on the database for to prevent
replay attacks to the main application. But internally, on less critical
parts of the infraestructure, it usefull have access to the identified
user without hit the main database for that information.
This commit is contained in:
Andrey Antukh 2021-04-25 19:43:09 +02:00
parent 0f91f02508
commit bb73ddc58f
3 changed files with 46 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

4
backend/src/app/main.clj
View file

@ -60,8 +60,8 @@
:storage (ig/ref :app.storage/storage)}
:app.http.session/session
{:pool (ig/ref :app.db/pool)
:cookie-name (cf/get :http-session-cookie-name)}
{:pool (ig/ref :app.db/pool)
:tokens (ig/ref :app.tokens/tokens)}
:app.http.session/gc-task
{:pool (ig/ref :app.db/pool)