updating ttl to 14days #9446

Open: NamanMahor wants to merge 4 commits into main from namanmahor/plat-474-pentest-set-expires_on-for-browser-tokens

NamanMahor commented May 14, 2026

PLAT-474: Pentest: Set expires_on for browser tokens

Checklist:

  • Covered by tests
  • Ran it and it works as intended
  • Reviewed the diff before requesting a review
  • Checked for unhandled edge cases
  • Linked the issues it closes
  • Checked if the docs need to be updated. If so, create a separate Linear DOCS issue
  • Intend to cherry-pick into the release branch
  • I'm proud of this work!

Comment thread admin/server/auth/handlers.go Outdated
NamanMahor requested a review from nishantmonu51 May 15, 2026 05:38
Comment thread admin/server/auth/handlers.go Outdated
Comment thread admin/server/auth/handlers.go Outdated
NamanMahor requested a review from begelundmuller May 25, 2026 05:17
Comment on lines +106 to +110
validatedToken, err := a.admin.ValidateAuthToken(r.Context(), authToken)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
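
Review bot: the http.Error call in this hunk sends err.Error() verbatim to the browser with a 500, so whatever ValidateAuthToken reports is exposed in the response body. Suggest logging the error server-side and returning a fixed message, with a 401 when the token itself is rejected and 500 reserved for genuine server faults.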

Validation might fail due to just expiration or context failure, so using internal error here may not make sense. Instead, consider a) validating the token before writing out the refreshed cookie, b) if validating the token fails, just delete the cookie, then continue down the middleware chain (instead of blocking)
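
The approach suggested in the review comment above, sketched as an added example (not code from this pull request or the project): validate first, refresh the cookie only for a valid token, otherwise delete it and continue down the chain. The cookie name `auth_token`, the `refreshCookie` and `run` helpers, the cookie attributes and the validator signature are assumptions; the 14-day TTL comes from the PR title.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

const cookieName = "auth_token"       // hypothetical cookie name
const cookieTTL = 14 * 24 * time.Hour // 14-day TTL from the PR title

// refreshCookie validates the browser token before touching the cookie. A valid
// token gets a refreshed cookie; an invalid or expired one gets its cookie
// deleted. Either way the request continues instead of failing with a 500.
func refreshCookie(validate func(context.Context, string) error, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if c, err := r.Cookie(cookieName); err == nil {
			fresh := &http.Cookie{Name: cookieName, Path: "/", HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode}
			if validate(r.Context(), c.Value) == nil {
				fresh.Value, fresh.MaxAge = c.Value, int(cookieTTL.Seconds())
			} else {
				fresh.MaxAge = -1 // invalid or expired: tell the browser to drop the cookie
			}
			http.SetCookie(w, fresh)
		}
		next.ServeHTTP(w, r) // never block here; downstream auth decides access
	})
}

// run sends one request carrying token and returns the status and the Set-Cookie MaxAge.
func run(token string) (status, maxAge int) {
	validate := func(_ context.Context, t string) error {
		if t != "good" { // constructed sample: only "good" is a valid token
			return errors.New("token expired")
		}
		return nil
	}
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.AddCookie(&http.Cookie{Name: cookieName, Value: token})
	rec := httptest.NewRecorder()
	refreshCookie(validate, ok).ServeHTTP(rec, req)
	return rec.Code, rec.Result().Cookies()[0].MaxAge
}

func main() { fmt.Println(run("good")); fmt.Println(run("expired")) }
```

The validation error never reaches the response body, and an expired token results in a deleted cookie rather than an error page.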
