Describe the bug
In the default config, the cookie settings have the secret as a random value:
vendure/packages/core/src/config/default-config.ts
Lines 70 to 73 in dd28a9d
This causes issues with multi-instance deploys, because unless the secret is explicitly set in the vendure-config, a different random secret will be used in each instance, meaning instance A won't be able to read cookies set by instance B and vice versa.
This is a cause of confusion as the reason for sessions not working across instances is hard to debug.
Possible solutions
2 possible solutions:
1. Don't make the default value random. Use some hard-coded constant string. Need to research any security implications of doing this, since it is likely that most users will leave this unchanged.
2. Expose the cookie secret setting as part of the @vendure/create config file template. This makes it clear that the setting exists and allows users to easily change it to something unique for their project.
Environment (please complete the following information):
@vendure/core version: 1.2.3
Nodejs version: any
Database (mysql/postgres etc): any
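A simplified model of the failure described in this issue, added here as an illustration and not taken from Vendure's code: each instance signs its session cookie with an HMAC, and an instance with no configured secret falls back to a random one. The helper names (`makeInstance`, `resolveCookieSecret`), the `COOKIE_SECRET` variable name and the 32-character minimum are assumptions.

```javascript
// Simplified model of an HMAC-signed session cookie (added example).
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

// Sign a value as "<value>.<hex HMAC-SHA256>".
function signCookie(value, secret) {
  return `${value}.${createHmac('sha256', secret).update(value).digest('hex')}`;
}

// Return the value if the MAC verifies under `secret`, otherwise null.
function readCookie(cookie, secret) {
  const idx = cookie.lastIndexOf('.');
  if (idx < 0) return null;
  const value = cookie.slice(0, idx);
  const given = Buffer.from(cookie.slice(idx + 1), 'hex');
  const expected = createHmac('sha256', secret).update(value).digest();
  if (given.length !== expected.length) return null;
  return timingSafeEqual(given, expected) ? value : null;
}

// Models the issue: with no configured secret, each process picks a random one.
function makeInstance(configuredSecret) {
  const secret = configuredSecret ?? randomBytes(32).toString('hex');
  return {
    issue: (token) => signCookie(token, secret),
    read: (cookie) => readCookie(cookie, secret),
  };
}

// Hypothetical startup check: fail fast instead of silently using a random secret.
function resolveCookieSecret(env) {
  const secret = env.COOKIE_SECRET; // assumed variable name
  if (typeof secret !== 'string' || secret.length < 32) {
    throw new Error('COOKIE_SECRET must be set to at least 32 characters');
  }
  return secret;
}

// Two instances behind a load balancer; the token is a constructed sample.
function demo() {
  const token = 'session-token-123';
  const [a, b] = [makeInstance(), makeInstance()];
  const randomDefaults = b.read(a.issue(token)); // B rejects A's cookie
  const shared = resolveCookieSecret({ COOKIE_SECRET: randomBytes(32).toString('hex') });
  const [c, d] = [makeInstance(shared), makeInstance(shared)];
  return { randomDefaults, sharedSecret: d.read(c.issue(token)) };
}

console.log(demo());
```

With random per-process defaults the second instance returns `null` for a cookie the first one issued, which is the hard-to-debug symptom the issue describes; with one secret supplied to both, the cookie verifies.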