-
Notifications
You must be signed in to change notification settings - Fork 452
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(session): allow update of session without token #7963
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
Thanks for your contribution! 🎉Please make sure you tick the following checkboxes before marking this Pull Request (PR) as ready for review:
|
Keep using the session token for session deletions.
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #7963 +/- ##
==========================================
+ Coverage 62.74% 62.76% +0.01%
==========================================
Files 1341 1341
Lines 111033 111028 -5
==========================================
+ Hits 69673 69688 +15
+ Misses 37432 37417 -15
+ Partials 3928 3923 -5
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
🎉 This PR is included in version 2.53.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
Which Problems Are Solved
The session update requires the current session token as argument.
Since this adds extra complexity but no real additional security and prevents case like magic links, we want to remove this requirement.
We still require the session token on other resouces / endpoints, e.g. for finalizing the auth request or on idp intents.
How the Problems Are Solved
Additional Changes
Additional Context