Add project prefix in session cookie path
What does this MR do?
Add project prefix in session cookie path
Setting path variable at cookie level avoids leaking restricted and private projects/subgroups pages under the same top level group.
I have kept this under feature flag: FF_ENABLE_PROJECT_PREFIX_COOKIE_PATH
Related issue: Tech Eval: Set path variable at cookie level to... (#1088 - closed)
Cookie path documentation: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#pathpath-value
Changelog: added
Recording:
Before this fix | After this fix |
---|---|
Before Session Cookie Path.mov | After Session Cookie Path.mov |
TODO
-
Feature flag -
Added feature flag: -
This feature does not require a feature flag
-
-
I added the Changelog
trailer to the commits that need to be included in the changelog (e.g.Changelog: added
) -
I added unit tests or they are not required -
I added acceptance tests or they are not required -
I added documentation (or it's not required) -
I followed code review guidelines -
I followed Go Style guidelines
Edited by Naman Jagdish Gala