fastify / fastify-secure-session

Create a secure stateless cookie session for Fastify
MIT License

Enable multiple cookie sessions #178

Closed patilanz closed 1 year ago

patilanz commented 1 year ago

🚀 Feature Proposal

I'm using fastify-secure-session with fastify-passport like an identity provider for multiple pages. The problem is that there is only one cookieName in the configuration. Is it possible to use something like this:

// before
  fastify.register(fastifySecureSession, {
    key: fs.readFileSync(path.join(__dirname, 'secret-key')),
    cookieName: global.cookie_token_name,
    // options for setCookie of fastify-cookie
    cookie: {
      path: '/',
      httpOnly: is_prod,
      signed: is_prod
    }
  });

// after
  fastify.register(fastifySecureSession, {
    key: fs.readFileSync(path.join(__dirname, 'secret-key')),
    cookies: [
      {name: global.cookie_token_name, options: {path: '/admin', httpOnly: true, secure: is_prod}},
      {name: global.cookie_token_name2, options: {path: '/', httpOnly: true, secure: is_prod}},
    ]
  });

Motivation

No response

Example

No response

mcollina commented 1 year ago

Why would there be more than one cookie?

patilanz commented 1 year ago

In my case I need one cookie for www.domain.com and another for www.domain.com/path.

mcollina commented 1 year ago

And you need to read both at the same time?

patilanz commented 1 year ago

Yes, the server is responsible for both pages. Customers and Admins can have different accounts and can be authenticated at the same time.

Maybe using a different fastify context and registering the plugin two times?

mcollina commented 1 year ago

> Maybe using a different fastify context and registering the plugin two times?

Yes, you should encapsulate them separately.
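
As an added example (not code from this thread or from fastify-secure-session), the following applies the RFC 6265 path-match rule to the two cookies in the proposal, to show which cookies each separately encapsulated registration will actually receive. The cookie names `admin-session` and `customer-session` and the request paths are constructed for illustration.

```javascript
// Added example: RFC 6265 path matching for the two cookies in the proposal.
// Cookie names and request paths are constructed for illustration.

// RFC 6265 section 5.1.4: does a request path fall under a cookie's Path?
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts at a "/" boundary, so /administrator is not under /admin.
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Names of the cookies a browser would attach to a request for requestPath,
// longest Path first (RFC 6265 section 5.4 ordering).
function cookiesSent(jar, requestPath) {
  return jar
    .filter((c) => pathMatch(requestPath, c.path))
    .sort((a, b) => b.path.length - a.path.length)
    .map((c) => c.name);
}

// Cookies that reach requestPath but belong to a different session scope.
function foreignCookies(jar, requestPath, ownName) {
  return cookiesSent(jar, requestPath).filter((n) => n !== ownName);
}

// Constructed jar mirroring the "after" snippet: admin on /admin, customer on /.
const jar = [
  { name: 'admin-session', path: '/admin' },
  { name: 'customer-session', path: '/' },
];

for (const p of ['/', '/orders', '/admin', '/admin/users', '/administrator']) {
  console.log(p.padEnd(16), cookiesSent(jar, p).join(', '));
}
```

Because the `/` cookie is also sent to `/admin` routes, the two registrations need distinct `cookieName` values so each context decodes only its own session; Path scoping alone does not isolate them.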