Invalid cookies should not cause a server error #2115

bfops · 2025-01-13T19:10:51Z

Update the cookie processing for the session so that invalid cookies do not cause a server error. A bad session cookie should be detected and discarded.

This is possibly a P2 since it only happens if someone deliberately sets invalid cookies, we issue invalid cookies, or we wipe the database (which should not happen).

bfops · 2025-01-13T19:10:59Z

Adding this to 1.0 since it was created recently.

bfops · 2025-01-13T19:26:02Z

Does this just cause an error log, or does it negatively impact the server?

bfops · 2025-01-13T20:22:21Z

This does not only happen for malicious users; it could happen if we wipe the server data.

bfops assigned cloutiertyler Jan 13, 2025

bfops changed the title ~~Update the cookie processing for the session so that invalid cookies do not cause a server error. A bad session cookie should be detected and discarded.~~ Update the cookie processing for the session so that invalid cookies do not cause a server error Jan 13, 2025

bfops changed the title ~~Update the cookie processing for the session so that invalid cookies do not cause a server error~~ Invalid cookies should not cause a server error Jan 13, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Invalid cookies should not cause a server error #2115

Invalid cookies should not cause a server error #2115

bfops commented Jan 13, 2025 •

edited

Loading

bfops commented Jan 13, 2025

bfops commented Jan 13, 2025

bfops commented Jan 13, 2025

Invalid cookies should not cause a server error #2115

Invalid cookies should not cause a server error #2115

Comments

bfops commented Jan 13, 2025 • edited Loading

bfops commented Jan 13, 2025

bfops commented Jan 13, 2025

bfops commented Jan 13, 2025

bfops commented Jan 13, 2025 •

edited

Loading