Skip to content

Add session IDs (for keystore)

ale requested to merge keystore-sessions into master

A new random session ID is automatically generated whenever a user goes through the login workflow, and it's then saved to the 'auth' cookie.

This allows us to call keystore.Open() and keystore.Close() with this session ID, preventing multiple users logging in from different browsers to cobble their key storage (as implemented in keystore!32 (merged)).

Instead of changing the AuthClient interface, we've opted to attach the session ID to the Context like we do for the Auth object.

Merge request reports