[Bug]: 500 (Internal Server Error) on invalid cookie #2604

Open
Primexz opened this issue Apr 10, 2024 · 0 comments · May be fixed by #2605

Primexz commented Apr 10, 2024

OAuth2-Proxy Version

7.6.0

Provider

keycloak

Expected Behaviour

If I change the session store (e.g. cookie storage to Redis storage), I expect that no Internal Server Error (500) is displayed for the user.
Changing the session store changes the layout of a cookie, which means that old cookies can no longer be parsed.

As a user, I expect the sign-in page of the OAuth2 proxy to be displayed by default instead of the error page.

Current Behaviour

If I currently change the session store as administrator, all users with an old cookie are currently shown an Internal Server Error (500).

If a user has a broken cookie (regardless of the value), an internal server error is currently displayed.

Steps To Reproduce

  1. Log in with the provider.
  2. Manipulate the session cookie (enter something wrong, e.g. "foobar").
  3. Reload the page.
  4. An Internal Server Error should be displayed.

Possible Solutions

Forwarding to the OAuth2 provider if the cookie cannot be parsed.

Configuration details or additional information

No response

Primexz linked a pull request Apr 10, 2024 that will close this issue
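The behaviour requested in this issue, sketched as an added example (not oauth2-proxy's code and not the linked pull request): a middleware that handles an unparseable session cookie the same way as a missing one, expiring it and redirecting to sign-in instead of returning a 500. The cookie name, the sign-in path, the toy `payload.mac` cookie format and all function names are assumptions made for the illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

const cookieName, signInPath = "_oauth2_proxy", "/oauth2/sign_in" // assumed names

func sign(payload string) string { // toy format: payload.base64url(HMAC-SHA256)
	m := hmac.New(sha256.New, []byte("constructed-demo-key")) // constructed secret
	m.Write([]byte(payload))
	return payload + "." + base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// validSession reports whether v parses and its MAC verifies; junk input is just false.
func validSession(v string) bool {
	payload, _, ok := strings.Cut(v, ".")
	return ok && hmac.Equal([]byte(sign(payload)), []byte(v))
}

// requireSession expires a missing or unparseable cookie and redirects to sign-in, never a 500.
func requireSession(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if c, err := r.Cookie(cookieName); err != nil || !validSession(c.Value) {
			http.SetCookie(w, &http.Cookie{Name: cookieName, Path: "/", MaxAge: -1})
			http.Redirect(w, r, signInPath, http.StatusFound)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe replays one request with cookie value v: status, Location, cookie cleared.
func probe(v string) (int, string, bool) {
	req, rec := httptest.NewRequest("GET", "/", nil), httptest.NewRecorder()
	req.AddCookie(&http.Cookie{Name: cookieName, Value: v})
	requireSession(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Location"), strings.Contains(rec.Header().Get("Set-Cookie"), "Max-Age=0")
}

func main() {
	fmt.Println(probe("foobar"))       // tampered value from the reproduction steps
	fmt.Println(probe(sign("alice"))) // constructed valid session
}
```

Expiring the stale cookie in the same response matters after a session-store change: otherwise the browser keeps replaying the old-format value on every request.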