BookStackApp / BookStack

A platform to create documentation/wiki content built with PHP & Laravel
https://www.bookstackapp.com/
MIT License

Session Management #5059

Open JoMo1970 opened 3 weeks ago

JoMo1970 commented 3 weeks ago

Attempted Debugging

Searched GitHub Issues

Describe the Scenario

Hello. I am trying to enable BookStack to accept a cookie to maintain a session. I have confirmed that I am sending a cookie to bookstack and can see it in the request headers as a cookie. However, the redirect to the app still happens back to APP_URL no matter if I pass in the cookie or not. I have set the cookie name as a passed in environment variable to the docker container running bookstack. I am sure I am doing something wrong but I cannot find any direct answers on why this is happening. Thanks.

Exact BookStack Version

latest docker container

Log Content

No response

Hosting Environment

Official BookStack Docker container

ssddanbrown commented 3 weeks ago

Hi @JoMo1970, I'm really not sure what you're attempting to do here, sorry for not understanding. What's the overall setup/goal? What's led you to the point of attempting to send specific session cookies? Where are they coming from?

JoMo1970 commented 3 weeks ago

Hello @ssddanbrown. I am trying to maintain a session with BookStack by passing in a cookie that will be within the request headers of a url that redirects to address:6875. Mind you, I am not 100% sure of how to make this flow work. Basically, when a user logs in to a specific web app, it is going to have a cookie available and if BookStack is pre-configured to have this cookie to be checked in BookStack, then I am wanting to keep that session open to use BookStack after a redirect from the login flow.

I am really new to BookStack so I am not sure if I am understanding how the session cookie is supposed to work. I hope this makes sense. Please let me know. Thanks.

ssddanbrown commented 3 weeks ago

@JoMo1970 Session cookies are really not intended to be created or managed externally in any way. Attempting to manage/set cookies across origins is a mess anyway with various browser-level barriers. It's definitely out the remit of what's supported.

Ignoring cookies, or specific technical implementation ideas, what's the overall goal here? You want to log users into BookStack after they log into a different application? If so, is the other app just there for authorization or does it do something completely different? Assuming you're attempting to code a solution, where are you running the code? On the other non-bookstack app I assume? If so, is it browser-side or server-side?

JoMo1970 commented 3 weeks ago

@ssddanbrown - yes, the goal is to log users into bookstack after they have logged into another application and then that user tries to open bookstack. We were originally going to create an SSO provider and then connect that to openstack but we hit a few roadblocks on the current code-base.

The bottom line objective is to basically maintain a session between bookstack and another application. I was hoping a cookie would be the easiest way to do this. Thoughts?

Fyi - bookstack will be running on a podman container separate from the main application that logs the user in.