Open pigpag opened 1 year ago
I run my same-host code server instances behind reverse proxy with my external social authentication without any problem.
External social authentication probably issues auth tokens in a different way that won't cause collision. I am talking about the built-in auth mechanism, which does not have the port number in the cookie key.
Is there an existing issue for this?
OS/Web Information
code-server --version
: 4.12.0Steps to Reproduce
Expected
Both work independently well
Actual
When the second browser session connects to the code-server, the first session's cookie gets overwritten, causing a lot of resource acquisition to have HTTP 401 Unauthorized errors. For example, extension introduction pages cannot be loaded. Code syntax highlighting stops working for languages whose syntax definition files haven't been downloaded.
Logs
No response
Screenshot/Video
No response
Does this issue happen in VS Code or GitHub Codespaces?
Are you accessing code-server over HTTPS?
Notes
Suggestion: The cookie key is currently defined in src/common/http.ts as an enum const CookieKeys.Session == "code-server-session". It is more desirable for the key to be dependent on port, e.g. "code-server-session--". For example, Jupyter uses this approach to support multiple sessions.