Marco Squarcina

icon indicating a website link https://minimalblue.com

icon company TU Wien icon location Vienna, AT

Results 3 issues of Marco Squarcina

Clear the session data on login by default. Added support for an allow-list of session keys to preserve.

6 comment

Added a new configuration option `PRESERVED_SESSION_KEYS` to preserve specific values in the session between unauthenticated and authenticated states. By default, unrelated session data is cleared on login. As privately reported...

[rfc6265bis] nameless cookies, client/server inconsistencies

2 comment

I am reporting on some inconsistencies discovered while researching browser/server compliance with rfc6265bis. rfc6265bis-04 changed the cookie parsing algorithm to support nameless cookies, i.e., `Set-Cookie: token` should create a nameless...

6265bis
defer

Missing support for user/challenge/service deletion

The admin panel must be enriched with a functionality to allow deletion of users, challenges and services. Adding cascade delete constraints on the db schema should do the job, but...