summaryrefslogtreecommitdiff
path: root/app/controllers/sessions/controller.go
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/sessions/controller.go')
-rw-r--r--app/controllers/sessions/controller.go5
1 files changed, 3 insertions, 2 deletions
diff --git a/app/controllers/sessions/controller.go b/app/controllers/sessions/controller.go
index 7860ed5..61fdaf8 100644
--- a/app/controllers/sessions/controller.go
+++ b/app/controllers/sessions/controller.go
@@ -6,6 +6,7 @@ import (
"github.com/xlgmokha/x/pkg/cookie"
"github.com/xlgmokha/x/pkg/log"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/middleware"
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls"
@@ -37,7 +38,7 @@ func (c *Controller) New(w http.ResponseWriter, r *http.Request) {
url, nonce := c.svc.GenerateRedirectURL()
// This cookie must be sent as part of a redirect that originates from the OIDC Provider
cookie.Write(w, web.NewCookie(
- "oauth_state",
+ cfg.CSRFCookie,
nonce,
cookie.WithSameSite(http.SameSiteLaxMode),
cookie.WithExpiration(time.Now().Add(10*time.Minute)),
@@ -140,7 +141,7 @@ func (c *Controller) Create(w http.ResponseWriter, r *http.Request) {
return
}
- ck := web.NewCookie("session", encoded,
+ ck := web.NewCookie(cfg.SessionCookie, encoded,
cookie.WithSameSite(http.SameSiteLaxMode),
cookie.WithExpiration(tokens.Expiry),
)
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-02 10:55:04 +0000