[FEAT] Allow to specify session cookie name

Question

[FEAT] Allow to specify session cookie name

bassterror opened this issue a year ago · 11 comments

Is this a new feature request?

I have searched the existing issues

Wanted change

In release 4.6.0 qbittorrent introduced this feature where you should be able to specify the name of the session cookie. It is mentioned here "WEBUI: WebAPI: Allow to specify session cookie name (glassez)". I'm not sure if this can be used in the current docker state, or I just can't figure it out.

Reason for change

I'm running two instances of the docker-qbittorrent. They have separate ports, appdata directories, etc. Everything is fine, but they both use the same cookie in my browser. So if you have an open tab with one of the instances and you log into the other one, the first one is logged out. If you open the second one in "incognito tab" (or another browser) that is not happening. I believe this feature will resolve the issue. I appreciate this is not big deal, but still I think it's useful.

Proposed code change

No response

Answer 1 · 2023-11-29T19:18:46.000Z

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

Answer 2 · 2023-11-29T19:22:15.000Z

Looking at the code, in principle you should just be able to pass DEFAULT_SESSION_COOKIE_NAME into the container.

Edit: PR for reference qbittorrent/qBittorrent#18384

Answer 3 · 2023-11-29T19:43:08.000Z

Thank you for the quick answer! Unfortunately I tried and it isn't working. No change in behavior.

Answer 4 · 2023-11-29T19:47:53.000Z

Re-reading the comments on that PR it doesn't look like they ever added the CLI or ENV option for setting it, only directly in the config file.

Answer 5 · 2023-11-29T19:55:46.000Z

It also doesn't look like it's actually possible to set it from the WebUI. I'm not sure this actually works at all based on my tests.

Answer 6 · 2023-11-29T20:02:40.000Z

Yes, I tried adding:
WebAPI\SessionCookieName=
or
WebUI\SessionCookieName=

No result. The cookie is always named "SID", I think.

Answer 7 · 2023-11-29T20:07:39.000Z

Comment on a related issue is

Now it is possible to change session cookie nane only by manually editing the configuration file, and I highly doubt that it is necessary to add such an option to any kind of UI:

I believe that in the vast majority of cases it will be used by no-GUI instances, so it is a waste of effort to add this option to the GUI, as for the WebUI itself, I also doubt usefulness of this option, since it must be configured before the instance is launched.

Answer 8 · 2023-11-29T20:17:03.000Z

So, completely inexplicably, and in a break from every other setting, it needs to go outside all of the preferences sections of the conf file. i.e. right at the top like:

WebAPI\SessionCookieName=steve

[Application]
FileLogger\Age=1
FileLogger\AgeType=1
FileLogger\Backup=true
FileLogger\DeleteOld=true
FileLogger\Enabled=true
FileLogger\MaxSizeBytes=66560
FileLogger\Path=/config/qBittorrent/logs
...

Answer 9 · 2023-11-29T20:23:48.000Z

Believe it or not, I was just commenting on that. I reviewed the code and I also noticed that this method is getting the setting with a different pattern. For example "Preferences/WebUI/SessionTimeout", but this one is just "WebAPI/SessionCookieName".
I tried it and it works.

Thank you so much for the help!

Answer 10 · 2023-11-29T20:31:21.000Z

Just a quick note: When I stopped the container it rearranged the config and it makes sense.

[WebAPI]
SessionCookieName=qbitdht

Answer 11 · 2023-11-29T20:36:31.000Z

I'm not sure that makes any more sense compared to the existing settings, but thanks for letting us know.