mirror of
https://github.com/BookStackApp/BookStack.git
synced 2025-02-23 19:44:26 +08:00
cdef1b3ab0
Session was being lost due to the callback POST request cookies not being provided due to samesite=lax. This instead adds an additional hop in the flow to route the request via a GET request so the session is retained. SAML POST data is stored encrypted in cache via a unique ID then pulled out straight afterwards, and restored into POST for the SAML toolkit to validate. Updated testing to cover.