search

cachethq / Docker

A Dockerized version of Cachet.
https://cachethq.io
BSD 3-Clause "New" or "Revised" License
415 stars 280 forks source link

Session Issue while running through docker #315

Closed praneet12 closed 5 years ago

praneet12 commented 5 years ago

I have setup the cachet locally it works fine. But when I do the same using docker then session is not persistent. I am able to fetch someones others account in Cachet. Sometimes if someones login one account gets automatically logouts.

GottZ commented 5 years ago

this is a critical security vulnerability btw.

how to fix:

run this:

docker-compose exec cachet cat /etc/nginx/conf.d/default.conf > nginx.conf

it will create a copy of the nginx config within the container.

then in your docker-compose.yml just set this:

    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro

then edit the nginx.conf

replace fastcgi_cache microcache;

with fastcgi_cache off;

do a docker-compose up -d and voila. now you don't leak your sessions.

djdefi commented 5 years ago

should have been fixed with #311