mirror of
https://github.com/ether/etherpad-lite.git
synced 2025-05-02 21:29:12 -04:00
express-session: Implement and enable key rotation (#5362) by @rhansen
* SecretRotator: New class to coordinate key rotation * express-session: Enable key rotation * Added new entry in docker.adoc * Move to own package.Removed fallback as Node 16 is now lowest node version. * Updated package-lock.json --------- Co-authored-by: SamTV12345 <40429738+samtv12345@users.noreply.github.com>
This commit is contained in:
Richard Hansen
GitHub
parent
675c0130b9
commit
2bb431e7e5
12 changed files with 915 additions and 28 deletions
|
|
@ -37,6 +37,11 @@
|
|||
session expires (with some exceptions that will be fixed in the future).
|
||||
* Requests for static content (e.g., `/robots.txt`) and special pages (e.g.,
|
||||
the HTTP API, `/stats`) no longer create login session state.
|
||||
* The secret used to sign the `express_sid` cookie is now automatically
|
||||
regenerated every day (called *key rotation*) by default. If key rotation is
|
||||
enabled, the now-deprecated `SESSIONKEY.txt` file can be safely deleted
|
||||
after Etherpad starts up (its content is read and saved to the database and
|
||||
used to validate signatures from old cookies until they expire).
|
||||
* The following settings from `settings.json` are now applied as expected (they
|
||||
were unintentionally ignored before):
|
||||
* `padOptions.lang`
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue