infosec better

author: Christine Dodrill <me@christine.website> 2019-01-26 10:27:02 -0800
committer: Christine Dodrill <me@christine.website> 2019-01-26 10:27:02 -0800
commit: a89b2c8a1f577f4b7d025671627683cddddbd8a4 (patch)
tree: 9e4d40bee14d47b6f6de58e080a2ea8826314009 /idp
parent: 26cc8779330456758d4eb560cb24975f4e53bce0 (diff)
download: x-a89b2c8a1f577f4b7d025671627683cddddbd8a4.tar.xz
x-a89b2c8a1f577f4b7d025671627683cddddbd8a4.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/idp/idpmiddleware/middleware.go b/idp/idpmiddleware/middleware.go
index 3ffb700..5a2bdc9 100644
--- a/idp/idpmiddleware/middleware.go
+++ b/idp/idpmiddleware/middleware.go
@@ -111,7 +111,7 @@ func Protect(idpServer, me, selfURL string) func(next http.Handler) http.Handler
 					ln.Log(ctx, ln.Info("setting cookie"))
 					http.SetCookie(w, &http.Cookie{
 						Name:     "within-x-idpmiddleware",
-						Value:    hash(me+bootTime.String(), idpServer),
+						Value:    hash(me, bootTime.String()),
 						HttpOnly: true,
 						Expires:  time.Now().Add(900 * time.Hour),
 						Path:     "/",
@@ -129,7 +129,7 @@ func Protect(idpServer, me, selfURL string) func(next http.Handler) http.Handler
 			}
 
 			cookie, err := r.Cookie("within-x-idpmiddleware")
-			if err != nil || cookie.Value != hash(me+bootTime.String(), idpServer) {
+			if err != nil || cookie.Value != hash(me, bootTime.String()) {
 				u, err := url.Parse(idpServer)
 				if err != nil {
 					http.Error(w, err.Error(), http.StatusInternalServerError)
author	Christine Dodrill <me@christine.website>	2019-01-26 10:27:02 -0800
committer	Christine Dodrill <me@christine.website>	2019-01-26 10:27:02 -0800
commit	a89b2c8a1f577f4b7d025671627683cddddbd8a4 (patch)
tree	9e4d40bee14d47b6f6de58e080a2ea8826314009 /idp
parent	26cc8779330456758d4eb560cb24975f4e53bce0 (diff)
download	x-a89b2c8a1f577f4b7d025671627683cddddbd8a4.tar.xz x-a89b2c8a1f577f4b7d025671627683cddddbd8a4.zip