Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Cookies' names should be customizable

See original GitHub issue

Currrently, at least sessionID conflicts severely with many web frameworks’ own session cookie. It’s desirable to either change that generic name to something more Etherpad-specific or make the cookie name configurable.

Issue Analytics

State:
Created 11 years ago
Comments:13 (12 by maintainers)

Top GitHub Comments

1reaction

rhansencommented, Oct 25, 2020

#4423 changes the express_sid cookie to ep_express_sid, but isn’t sessionID the most problematic cookie?

0reactions

JohnMcLearcommented, Oct 24, 2020

https://github.com/ether/etherpad-lite/pull/4423 addresses the core problem by adding a prefix of ep_ to session cookie values. This doesn’t stop a plugin violating the namespace and we could do that by adding a prefix (either static value or from settings.json) to the setCookie and getCookie methods.

For now 4423 resolves this issue and we can be mindful of having a custom value that is set for all values in the future. For now I want to limit how many breaking changes we make so #4423 should get us through.