[Feature]: Add cookie expiration to MeshChat config file

hickey / meshchat

MeshChat for AREDN (in Lua)

GNU General Public License v3.0

21 stars 3 forks source link

[Feature]: Add cookie expiration to MeshChat config file #31

Open hickey opened 10 months ago

hickey commented 10 months ago

Contact Details

No response

Enhancement Type

Other

What is your idea or what can be improved?

Currently there is not a cookie expiration time specified. Need to create a new config file setting for it and add it to the config API. There are 2 spots in www/chat.js that need to have the expiration specified in meshchat_init().

hickey commented 10 months ago

This will need to be addressed also:

Cookie “meshchat_id” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite