Closed Chris-Gari closed 2 months ago
Are you saying on your first browser when you changed the server lock url and then added a new server, it was using the old credentials? Or are you saying that when you changed the server lock url and reused your old browser, it was still using the original domain?
If it's the latter, this is expected; SERVER_URL
only affects new servers you add; it will not delete/change old server URLs.
Are you saying on your first browser when you changed the server lock url and then added a new server, it was using the old credentials? Or are you saying that when you changed the server lock url and reused your old browser, it was still using the original domain?
The latter statement is true, yes.
For the first statement, from my understanding you mean that, "I have the old credentials on the new browser?" No.
Edit: to explain further, when adding a new server on the old browser, the SERVER_LOCK
functions as intended, just that additionally the old server pointing to the old URL still exists, as well as my login credentials still working for that old URL.
If it's the latter, this is expected; SERVER_URL only affects new servers you add; it will not delete/change old server URLs.
This is what I have observed and prompted me to make this issue. I see.
Expected Behavior
Not take outdated cookies upon updating the server
Current Behavior
Cookies still work upon updating the server, with SERVER_LOCK = true
Steps to Reproduce
docker compose from old build from docker hub (v0.3.0), docker compose from this .yml file https://github.com/jeffvli/feishin/blob/2257e439a406f3785b098947c1d36353811e9d49/docker-compose.yaml replacing the image from the linked .yml file with kakoluz/feishin
login from brave browser with cookies enabled, notice I have old build, delete container
Run
docker run --name feishin -p 9180:9180 ghcr.io/jeffvli/feishin:latest
in the command line (no env variables),(With cookies enabled, no need to input my login credentials), notice the stream is taking unnecessary routes and I'm using cloudflare tunnels, (Request to feishin.mydomain.com -> jellyfin.mydomain.com -> jellyfin:192.168.1.105:8096 ) instead of (feishin.mydomain.com -> jellyfin:192.168.1.105:8096), delete container
docker compose, the one I use for the update (latest) this time with the
image: ghcr.io/jeffvli/feishin:latest
, SERVER_LOCK = truelogin again with server lock, notice I am still logged in with my old SERVER_NAME, still pointing to jellyfin.mydomain.com.
login from different browser, have to login using the SERVER_LOCK when adding a new server
Possible Solution (Not obligatory)
Context
I don't know the implications of this bug security wise, I just hoped to bring it into light. (this is my first git issue submitted in my life, sorry for being rough and I might have misremembered some small things)
Your Environment