chore: change x-remember-me to x-session-retention to avoid compatibi…

…lity issues
teamhanko · Nov 26, 2024 · 23794f8 · 23794f8
1 parent d1f1eee
commit 23794f8
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 8 deletions.
diff --git a/backend/flow_api/flow/shared/hook_issue_session.go b/backend/flow_api/flow/shared/hook_issue_session.go
@@ -92,14 +92,16 @@ func (h IssueSession) Execute(c flowpilot.HookExecutionContext) error {
 		return fmt.Errorf("failed to parse session lifespan: %w", err)
 	}
 
+	sessionRetention := "persistent"
 	if deps.Cfg.Session.Cookie.Retention == "session" ||
 		(deps.Cfg.Session.Cookie.Retention == "prompt" && !rememberMeSelected) {
 		// Issue a session cookie.
 		cookie.MaxAge = 0
+		sessionRetention = "session"
 	}
 
 	deps.HttpContext.Response().Header().Set("X-Session-Lifetime", fmt.Sprintf("%d", int(lifespan.Seconds())))
-	deps.HttpContext.Response().Header().Set("X-Remember-Me", fmt.Sprintf("%t", rememberMeSelected))
+	deps.HttpContext.Response().Header().Set("X-Session-Retention", fmt.Sprintf("%s", sessionRetention))
 
 	if deps.Cfg.Session.EnableAuthTokenHeader {
 		deps.HttpContext.Response().Header().Set("X-Auth-Token", signedSessionToken)

diff --git a/backend/handler/public_router.go b/backend/handler/public_router.go
@@ -103,7 +103,7 @@ func NewPublicRouter(cfg *config.Config, persister persistence.Persister, promet
 		httplimit.HeaderRateLimitRemaining,
 		httplimit.HeaderRateLimitReset,
 		"X-Session-Lifetime",
-		"X-Remember-Me",
+		"X-Session-Retention",
 	}
 
 	if cfg.Session.EnableAuthTokenHeader {

diff --git a/frontend/frontend-sdk/src/lib/client/HttpClient.ts b/frontend/frontend-sdk/src/lib/client/HttpClient.ts
@@ -196,7 +196,7 @@ class HttpClient {
   processHeaders(xhr: XMLHttpRequest) {
     let jwt = "";
     let expirationSeconds = 0;
-    let rememberMe = false;
+    let retention = "";
 
     xhr
       .getAllResponseHeaders()
@@ -210,8 +210,8 @@ class HttpClient {
             xhr.getResponseHeader("X-Session-Lifetime"),
             10,
           );
-        } else if (header.startsWith("x-remember-me")) {
-          rememberMe = xhr.getResponseHeader("X-Remember-Me") === "true";
+        } else if (header.startsWith("x-session-retention")) {
+          retention = xhr.getResponseHeader("X-Session-Retention");
         }
       });
 
@@ -220,9 +220,10 @@ class HttpClient {
       const secure =
         !!this.api.match(https) && !!window.location.href.match(https);
 
-      const expires = rememberMe
-        ? new Date(new Date().getTime() + expirationSeconds * 1000)
-        : undefined;
+      const expires =
+        retention === "session"
+          ? undefined
+          : new Date(new Date().getTime() + expirationSeconds * 1000);
 
       this.cookie.setAuthCookie(jwt, { secure, expires });
     }