Re: [PR] Scope session token in cookie to base_url [airflow]

Tue, 03 Mar 2026 06:54:17 -0800 


vincbeck commented on code in PR #62771:
URL: https://github.com/apache/airflow/pull/62771#discussion_r2878739251


##########
providers/amazon/src/airflow/providers/amazon/aws/auth_manager/routes/login.py:
##########
@@ -34,9 +34,14 @@
 from airflow.providers.amazon.aws.auth_manager.constants import 
CONF_SAML_METADATA_URL_KEY, CONF_SECTION_NAME
 from airflow.providers.amazon.aws.auth_manager.datamodels.login import 
LoginResponse
 from airflow.providers.amazon.aws.auth_manager.user import AwsAuthManagerUser
-from airflow.providers.amazon.version_compat import AIRFLOW_V_3_1_1_PLUS
+from airflow.providers.amazon.version_compat import AIRFLOW_V_3_1_1_PLUS, 
AIRFLOW_V_3_1_8_PLUS
 from airflow.providers.common.compat.sdk import conf
 
+if AIRFLOW_V_3_1_8_PLUS:
+    from airflow.api_fastapi.app import get_cookie_path
+else:
+    get_cookie_path = lambda: "/"

Review Comment:
   Smart



##########
airflow-core/src/airflow/api_fastapi/auth/managers/simple/ui/src/login/Login.tsx:
##########
@@ -47,20 +54,30 @@ const LOCAL_STORAGE_DISABLE_BANNER_KEY = 
"disable-sam-banner";
 
 export const Login = () => {
   const [searchParams] = useSearchParams();
-  const [, setCookie] = useCookies(["_token"]);
+  const [, setCookie, removeCookie] = useCookies(["_token"]);
   const [isBannerDisabled, setIsBannerDisabled] = useState(
     localStorage.getItem(LOCAL_STORAGE_DISABLE_BANNER_KEY),
   );
 
   const onSuccess = (data: LoginResponse) => {
-    // Fallback similar to FabAuthManager, strip off the next
-    const fallback = "/";
+    // Fall back to the Airflow base path (e.g. "/team-a/") so that
+    // logins without a "next" parameter (e.g. after logout) redirect
+    // to the correct subpath instead of the server root "/".
+    const fallback = cookiePath;
 
     // Redirect to appropriate page with the token
     const next = searchParams.get("next") ?? fallback;
 
+    // Remove any stale _token cookie at root path to prevent duplicate

Review Comment:
   Thanks for adding these comments, very useful



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to