d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
4f85e0bf0e59e78511998aefc5d2076ed13b0a14
proxmox/docs/04-configuration/MIM4U_SESSION_COOKIES.md
defiQUG 4f97e27f69
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
MIM4U: nginx install/deploy/backup scripts, rate limit, CSP, docs; submodule pointer; txpool retry script 
Made-with: Cursor
2026-02-26 22:35:24 -08:00

1.1 KiB
Raw Blame History

MIM4U Portals — Session Cookie Configuration

Purpose: Ensure Portals (and any auth) use secure session cookies: HttpOnly, Secure, SameSite.

Where to configure

  • Azure Static Web Apps / Entra (Azure AD): If MIM4U uses Azure for auth, session cookies are typically set by the platform. In Azure Portal → App registrations → your app → Authentication, ensure:
    • Redirect URIs use https://mim4u.org (and https://secure.mim4u.org if used).
    • Implicit grant and legacy options are off unless required.
  • Custom API (VMID 7811): If the API issues its own session cookies (e.g. JWT in cookie or session id), set when setting the cookie:
    • HttpOnly=true
    • Secure=true (only over HTTPS)
    • SameSite=Lax or Strict
    • Path=/ or the minimal path needed

Example (Node/Express-style)

res.cookie('session', token, {
  httpOnly: true,
  secure: true,
  sameSite: 'lax',
  path: '/',
  maxAge: 24 * 60 * 60 * 1000
})

NPMplus / nginx

NPMplus terminates SSL; it does not set application session cookies. Cookie flags are set by the application (Azure or API on 7811).

Reference in New Issue View Git Blame Copy Permalink