Session Management #4820

New Issue

OVERLORD · 2026-02-05T09:18:29+03:00

OVERLORD commented

2026-02-05 09:18:29 +03:00

Originally created by @JoMo1970 on GitHub (Jun 7, 2024).

Attempted Debugging

I have read the debugging page

Searched GitHub Issues

I have searched GitHub for the issue.

Describe the Scenario

Hello. I am trying to enable BookStack to accept a cookie to maintain a session. I have confirmed that I am sending a cookie to bookstack and can see it in the request headers as a cookie. However, the redirect to the app still happens back to APP_URL no matter if I pass in the cookie or not. I have set the cookie name as a passed in environment variable to the docker container running bookstack. I am sure am doing something wrong but I cannot find any direct answers on why this is happening. Thanks.

Exact BookStack Version

latest docker container

Log Content

No response

Hosting Environment

Official BookStack Docker container

Originally created by @JoMo1970 on GitHub (Jun 7, 2024). ### Attempted Debugging - [X] I have read the debugging page ### Searched GitHub Issues - [X] I have searched GitHub for the issue. ### Describe the Scenario Hello. I am trying to enable BookStack to accept a cookie to maintain a session. I have confirmed that I am sending a cookie to bookstack and can see it in the request headers as a cookie. However, the redirect to the app still happens back to APP_URL no matter if I pass in the cookie or not. I have set the cookie name as a passed in environment variable to the docker container running bookstack. I am sure am doing something wrong but I cannot find any direct answers on why this is happening. Thanks. ### Exact BookStack Version latest docker container ### Log Content _No response_ ### Hosting Environment Official BookStack Docker container

OVERLORD added the 🐕 Support label 2026-02-05 09:18:29 +03:00

OVERLORD closed this issue

2026-02-05 09:18:31 +03:00

OVERLORD commented

2026-02-05 09:18:33 +03:00

@ssddanbrown commented on GitHub (Jun 8, 2024):

Hi @JoMo1970,
I'm really not sure what you're attempting to do here, sorry for not understanding.
What's the overall setup/goal? What's led you to the point of attempting to send specific session cookies? Where are they coming from?

@ssddanbrown commented on GitHub (Jun 8, 2024): Hi @JoMo1970, I'm really not sure what you're attempting to do here, sorry for not understanding. What's the overall setup/goal? What's led you to the point of attempting to send specific session cookies? Where are they coming from?

OVERLORD commented

2026-02-05 09:18:37 +03:00

@JoMo1970 commented on GitHub (Jun 8, 2024):

Hello @ssddanbrown. I am trying to maintain a session with BookStack by passing in a cookie that will be within the request headers of a url that redirects to address:6875. Mind you, I am not sure 100% sure of how to make this flow work. Basically, when a user logs in to a specific web app, it is going to have a cookie available and if BookStack is pre-configured to have this cookie to be checked in BookStack, then I am wanting to keep that session open to use BookStack after a redirect from the login flow.

I am really new to BookStack so I am not if I am understanding how the session cookie is suppposed to work. I hope this makes sense. Please let me know. Thanks.

@JoMo1970 commented on GitHub (Jun 8, 2024): Hello @ssddanbrown. I am trying to maintain a session with BookStack by passing in a cookie that will be within the request headers of a url that redirects to address:6875. Mind you, I am not sure 100% sure of how to make this flow work. Basically, when a user logs in to a specific web app, it is going to have a cookie available and if BookStack is pre-configured to have this cookie to be checked in BookStack, then I am wanting to keep that session open to use BookStack after a redirect from the login flow. I am really new to BookStack so I am not if I am understanding how the session cookie is suppposed to work. I hope this makes sense. Please let me know. Thanks.

OVERLORD commented

2026-02-05 09:18:38 +03:00

@ssddanbrown commented on GitHub (Jun 8, 2024):

@JoMo1970 Session cookies are really not intended to be created or managed externally in any way.
Attempting to manage/set cookies across origins is a mess anyway with various browser-level barriers.
It's definately out the remit of what's supported.

Ignoring cookies, or specific technical implementation ideas, what's the overall goal here?
You want to log users into BookStack after they log into a different application?
If so, is the other app just there for authorization or does it do something completely different?
Assuming you're attempting to code a solution, where are you running the code? On the other non-bookstack app I assume? If so, is the browser-side or server-side?

@ssddanbrown commented on GitHub (Jun 8, 2024): @JoMo1970 Session cookies are really not intended to be created or managed externally in any way. Attempting to manage/set cookies across origins is a mess anyway with various browser-level barriers. It's definately out the remit of what's supported. Ignoring cookies, or specific technical implementation ideas, what's the overall goal here? You want to log users into BookStack after they log into a different application? If so, is the other app just there for authorization or does it do something completely different? Assuming you're attempting to code a solution, where are you running the code? On the other non-bookstack app I assume? If so, is the browser-side or server-side?

OVERLORD commented

2026-02-05 09:18:40 +03:00

@JoMo1970 commented on GitHub (Jun 8, 2024):

@ssddanbrown - yes, the goal is to log users into bookstack after they have logged into another application and then that user tries to open bookstack.
We were originally going to create a SSO provider and then connect that to openstack but we hit a few roadblocks on the current code-base.

The bottom line objective is to basically maintain a session between bookstack and another application. I was hoping a cookie would be the easiest way to do this. Thoughts?

Fyi - bookstack will be running on a podman container seperate from the main application that logs the user in.

@JoMo1970 commented on GitHub (Jun 8, 2024): @ssddanbrown - yes, the goal is to log users into bookstack after they have logged into another application and then that user tries to open bookstack. We were originally going to create a SSO provider and then connect that to openstack but we hit a few roadblocks on the current code-base. The bottom line objective is to basically maintain a session between bookstack and another application. I was hoping a cookie would be the easiest way to do this. Thoughts? Fyi - bookstack will be running on a podman container seperate from the main application that logs the user in.

OVERLORD commented

2026-02-05 09:18:42 +03:00

@ssddanbrown commented on GitHub (Feb 25, 2025):

Sorry for the late response.
I really could no advise attempting this via cookie sharing, it's very much not supported and prone to error.
Focusing on SSO really is the proper way to go about this.

Since this thread is a little old now I'm going to go ahead and close this off.

@ssddanbrown commented on GitHub (Feb 25, 2025): Sorry for the late response. I really could no advise attempting this via cookie sharing, it's very much not supported and prone to error. Focusing on SSO really is the proper way to go about this. Since this thread is a little old now I'm going to go ahead and close this off.

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#4820