Change cookie key in CE (#4621)

* use default sessions options in ce

* there is no RuntimeSessionAdapter anymore
This commit is contained in:
ruslandoga 2024-09-26 14:43:47 +07:00 committed by GitHub
parent 9d997a74d6
commit 356f50e9c8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -9,14 +9,14 @@ defmodule PlausibleWeb.Endpoint do
end
@session_options [
# key to be patched
key: "",
# in EE key is replaced dynamically via runtime_session_opts, see below
key: "_plausible_key",
store: :cookie,
signing_salt: "I45i0SKHEku2f3tJh6y4v8gztrb/eG5KGCOe/o/AwFb7VHeuvDOn7AAq6KsdmOFM",
# 5 years, this is super long but the SlidingSessionTimeout will log people out if they don't return for 2 weeks
max_age: 60 * 60 * 24 * 365 * 5,
extra: "SameSite=Lax"
# in EE domain is added dynamically via RuntimeSessionAdapter, see below
# in EE domain is added dynamically via runtime_session_opts, see below
]
socket("/live", Phoenix.LiveView.Socket,
@ -115,13 +115,13 @@ defmodule PlausibleWeb.Endpoint do
# websocket requests within single root domain, in case websocket_url()
# returns a ws{s}:// scheme (in which case SameSite=Lax is not applicable).
Keyword.put(@session_options, :domain, host())
|> Keyword.put(:key, "_plausible_#{Application.fetch_env!(:plausible, :environment)}")
else
# CE setup is simpler and we don't need to worry about WS domain being different
@session_options
end
session_options
|> Keyword.put(:key, "_plausible_#{Application.fetch_env!(:plausible, :environment)}")
|> Keyword.put(:secure, secure_cookie?())
end