What is the impact of not having sessions.NewCookieStore key rotation? #12

Open
tintinnabulate opened this issue Oct 10, 2018 · 0 comments
Assignees
Labels
question Further information is requested security This issue is to do with security

tintinnabulate commented Oct 10, 2018

Do we need to use the github.com/gorilla/sessions key rotation?

At the moment, we don't have it. Write a test to assess the impact of not having rotation of store and encryption keys, and if it's not a problem, leave it. If it is a problem we may need to add it as per the example on http://www.gorillatoolkit.org/pkg/sessions

```go
var store = sessions.NewCookieStore(
    []byte("new-authentication-key"),
    []byte("new-encryption-key"),
    []byte("old-authentication-key"),
    []byte("old-encryption-key"),
)
```
@tintinnabulate tintinnabulate changed the title Test impact of not having sessions.NewCookieStore key rotation Test the impact of not having sessions.NewCookieStore key rotation Oct 10, 2018
@tintinnabulate tintinnabulate self-assigned this Oct 10, 2018
@tintinnabulate tintinnabulate added bug Something isn't working question Further information is requested and removed bug Something isn't working labels Oct 10, 2018
@tintinnabulate tintinnabulate changed the title Test the impact of not having sessions.NewCookieStore key rotation What is the impact of not having sessions.NewCookieStore key rotation? Oct 10, 2018
@tintinnabulate tintinnabulate added the security This issue is to do with security label Nov 19, 2020
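The kind of test the issue asks for, as an added example that is neither this project's code nor gorilla's implementation: a standard-library HMAC stand-in for the documented behaviour that new cookies are written with the first key and older keys are still accepted on read. `Store`, `sign`, `Scenarios` and both keys are constructed for illustration, and only the authentication key is modelled (no encryption key).

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// Store is a hypothetical stand-in for a cookie store; keys are ordered newest first.
type Store struct{ keys [][]byte }

func sign(key []byte, name, v string) string {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(name + "|" + v)) // bind the signature to the cookie name
	return base64.RawURLEncoding.EncodeToString(h.Sum(nil))
}

// Encode signs with the newest key only.
func (s Store) Encode(name, value string) string {
	v := base64.RawURLEncoding.EncodeToString([]byte(value))
	return v + "." + sign(s.keys[0], name, v)
}

// Decode accepts any configured key and reports the index of the key that matched.
func (s Store) Decode(name, cookie string) (string, int, error) {
	parts := strings.SplitN(cookie, ".", 2)
	for i, k := range s.keys {
		if len(parts) == 2 && hmac.Equal([]byte(parts[1]), []byte(sign(k, name, parts[0]))) {
			raw, err := base64.RawURLEncoding.DecodeString(parts[0])
			return string(raw), i, err
		}
	}
	return "", -1, fmt.Errorf("no configured key verifies this cookie")
}

// Scenarios reports whether a session issued under oldKey still validates when the
// key is unchanged, replaced outright, or rotated, plus the index that matched.
func Scenarios() (bool, bool, bool, int) {
	oldKey, newKey := []byte("constructed-old-auth-key"), []byte("constructed-new-auth-key")
	cookie := Store{[][]byte{oldKey}}.Encode("session", "user=42")
	_, _, e1 := Store{[][]byte{oldKey}}.Decode("session", cookie)
	_, _, e2 := Store{[][]byte{newKey}}.Decode("session", cookie)
	_, idx, e3 := Store{[][]byte{newKey, oldKey}}.Decode("session", cookie)
	return e1 == nil, e2 == nil, e3 == nil, idx
}

func main() {
	fmt.Println(Scenarios())
}
```

The middle result is the trade-off in question: replacing the key outright rejects every cookie signed with it, which logs out existing sessions but is also the only way to revoke a key that has leaked.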