Fix session cookie name collision when running multiple PIC instances on localhost
Flask's default cookie name ('session') is shared across all ports on the same
hostname. When two PIC instances are accessed via localhost:portA and localhost:portB,
logging into one overwrites the other's session cookie, causing repeated logouts.
Derive a unique 8-hex suffix from each instance's persistent SECRET_KEY and set
SESSION_COOKIE_NAME = 'pic_sess_<suffix>'. This ensures each cell uses a distinct
cookie name, so sessions are fully isolated regardless of hostname.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -133,6 +133,12 @@ else:
|
||||
app.config['SECRET_KEY'] = _flask_secret
|
||||
app.config['SESSION_COOKIE_HTTPONLY'] = True
|
||||
app.config['SESSION_COOKIE_SAMESITE'] = 'Lax'
|
||||
# Each PIC instance has a unique secret key — derive a short suffix from it so
|
||||
# multiple instances accessed via the same hostname (e.g. localhost:portA vs
|
||||
# localhost:portB) don't share session cookies and log each other out.
|
||||
import hashlib as _hl
|
||||
_cookie_suffix = _hl.sha256(_flask_secret).hexdigest()[:8]
|
||||
app.config['SESSION_COOKIE_NAME'] = f'pic_sess_{_cookie_suffix}'
|
||||
|
||||
# config_manager, service_bus, log_manager and all other managers are imported
|
||||
# from managers.py above — no re-instantiation needed here.
|
||||
|
||||
Reference in New Issue
Block a user