fix(authn): forward state and token cookies to distinct metadata keys by erka · Pull Request #5479 · flipt-io/flipt

erka · 2026-03-04T23:38:50Z

ForwardCookies was writing both flipt_client_state and flipt_client_token
cookies into the flipt_client_state metadata key. When both cookies were
present, callback state validation could fail with "unexpected state parameter",
commonly after restart when a stale token cookie existed.

ForwardCookies was writing both flipt_client_state and flipt_client_token cookies into the flipt_client_state metadata key. When both cookies were present, callback state validation could fail with "unexpected state parameter", commonly after restart when a stale token cookie existed. Signed-off-by: Roman Dmytrenko <rdmytrenko@gmail.com>

dosubot · 2026-03-04T23:40:05Z

Related Documentation

Checked 4 published document(s) in 1 knowledge base(s). No updates required.

^{How did I do? Any feedback?}

codecov · 2026-03-04T23:48:28Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 60.40%. Comparing base (6fec5f3) to head (ccf6e22).
⚠️ Report is 2 commits behind head on v2.

Additional details and impacted files

@@            Coverage Diff             @@
##               v2    #5479      +/-   ##
==========================================
+ Coverage   59.94%   60.40%   +0.45%     
==========================================
  Files         141      141              
  Lines       13995    13995              
==========================================
+ Hits         8389     8453      +64     
+ Misses       4890     4821      -69     
- Partials      716      721       +5

Flag	Coverage Δ
integrationtests	`34.32% <0.00%> (+1.47%)`	⬆️
unittests	`51.53% <100.00%> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

markphelps

ty so much!

erka requested a review from a team as a code owner March 4, 2026 23:38

dosubot bot added the size:S This PR changes 10-29 lines, ignoring generated files. label Mar 4, 2026

erka added the v2 Flipt v2 label Mar 4, 2026

github-project-automation bot added this to Flipt V2 Mar 4, 2026

erka requested a review from markphelps March 4, 2026 23:56

erka mentioned this pull request Mar 5, 2026

fix(authn): forward state and token cookies to distinct metadata keys #5480

Merged

markphelps approved these changes Mar 5, 2026

View reviewed changes

erka added the automerge Used by Kodiak bot to automerge PRs label Mar 5, 2026

erka merged commit 787fb07 into v2 Mar 5, 2026
51 of 52 checks passed

erka deleted the rd/v2/forward-cookie branch March 5, 2026 20:41

github-project-automation bot moved this to Done in Flipt V2 Mar 5, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(authn): forward state and token cookies to distinct metadata keys#5479

fix(authn): forward state and token cookies to distinct metadata keys#5479
erka merged 1 commit intov2from
rd/v2/forward-cookie

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Conversation

Uh oh!

Uh oh!

Uh oh!

Codecov Report

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants