Hashed user ID cookie improvements (#20232)

* refetch JWT cookie 20s after load * set cookie on login * make the cookie trigger at the right place
gitpod-io · Sep 19, 2024 · abb191f · abb191f
1 parent 92f3ec0
commit abb191f
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 11 deletions.
diff --git a/components/dashboard/src/user-context.tsx b/components/dashboard/src/user-context.tsx
@@ -18,6 +18,17 @@ const UserContext = createContext<{
     setUser: () => null,
 });
 
+const refetchCookie = async () => {
+    await fetch("/api/auth/jwt-cookie", {
+        credentials: "include",
+    })
+        .then((resp) => resp.text())
+        .then((text) => console.log(`Completed JWT Cookie refresh: ${text}`))
+        .catch((err) => {
+            console.log("Failed to update jwt-cookie", err);
+        });
+};
+
 const UserContextProvider: React.FC = ({ children }) => {
     const [user, setUser] = useState<User>();
 
@@ -46,16 +57,9 @@ const UserContextProvider: React.FC = ({ children }) => {
             const frequencyMs = 1000 * 60 * 5; // 5 mins
             if (!_gp.jwttimer) {
                 // Store the timer on the window, to avoid queuing up multiple
-                _gp.jwtTimer = setInterval(() => {
-                    fetch("/api/auth/jwt-cookie", {
-                        credentials: "include",
-                    })
-                        .then((resp) => resp.text())
-                        .then((text) => console.log(`Completed JWT Cookie refresh: ${text}`))
-                        .catch((err) => {
-                            console.log("Failed to update jwt-cookie", err);
-                        });
-                }, frequencyMs);
+                _gp.jwtTimer = setInterval(refetchCookie, frequencyMs);
+
+                setTimeout(refetchCookie, 20_000);
             }
         },
         [user, client],

diff --git a/components/server/src/auth/login-completion-handler.ts b/components/server/src/auth/login-completion-handler.ts
@@ -103,6 +103,7 @@ export class LoginCompletionHandler {
         // (default case) If we got redirected here onto the base domain of the Gitpod installation, we can just issue the cookie right away.
         const cookie = await this.session.createJWTSessionCookie(user.id);
         response.cookie(cookie.name, cookie.value, cookie.opts);
+        this.session.setHashedUserIdCookie(request, response);
         reportJWTCookieIssued();
 
         log.info(logContext, `User is logged in successfully. Redirect to: ${returnTo}`);

diff --git a/components/server/src/session-handler.ts b/components/server/src/session-handler.ts
@@ -241,7 +241,7 @@ export class SessionHandler {
         });
     }
 
-    private setHashedUserIdCookie(req: express.Request, res: express.Response): void {
+    public setHashedUserIdCookie(req: express.Request, res: express.Response): void {
         const user = req.user as User;
         if (!user) return;