CSRF and SessionID cookies doesn't have subpath (always using /) when running Label Studio with a subpath #5094
Labels
community:bug
Triaged by the community team + confirmed to be bug.
community:feature-request
Feature Request from the community reviewed by the community team.
community:reviewed
Issue has been reviewed by the Label Studio Community Team.
Describe the bug
I'm running multiple Label Studio Deployment on K8s/Kubernetes using your Helm Chart. I'm using a single DNS to route to each Ingress. The Ingress is routing the traffic to each Label Studio based on path.
For Example: I'll create 2 Label Studio Deployment using Helm.
Label Studio A Values:
Label Studio B Values:
When I'm trying to connect to both of them simultaneously, they both get disconnected. My suspect is problems with the
sessionid
andcsrftoken
cookies.Example:
I'm connecting to
https://label-studio.xxxx.xx/A
but the cookies are shown with/
:When I'm opening the UI of Label Studio B (not logging in to it), it shows the cookies (because it's same browser).
When I'm logging in to Label Studio B, both cookies are being updated. And because of that, Label Studio A isn't logged in anymore (because it thinks it's a new session).
To Reproduce
Expected behavior
The Label Studio should stayed connect in both deployment
Environment (please complete the following information):
Additional context
I saw that Label Studio is using Django to host the UI, there is 2 parameters in Django that can be added in order to support multiple label studio running of different path:
SESSION_COOKIE_PATH
: The default is/
. (here)CSRF_COOKIE_PATH
: The default is/
. (here]The text was updated successfully, but these errors were encountered: