User Request
Type: bug
Target: Console Application
Submitted by: @aaradhychinche-alt
Console Request ID: 4f4a9201-e111-468e-80f2-48bde4e124a0
Description
What happened:
When both Authorization header and cookie are present, the backend prioritizes the header. If the header token is stale or invalid, the request fails even if the cookie contains a valid session.
What I expected:
The system should either:
- use a single source of truth, or
- fall back to the cookie if the header token is invalid.
Steps to reproduce:
- Login and obtain token A.
- Refresh session to get token B in cookie.
- Send request with:
  - Authorization: Bearer token A
  - Cookie: token B
- Observe request fails with 401.
Relevant area:
Auth middleware (pkg/api/middleware/auth.go)
Suggested improvement:
Add fallback logic or enforce consistent token usage.
Impact:
Medium. Causes unexpected authentication failures.
This issue was automatically created from the KubeStellar Console.
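The fallback option from the suggested improvement, sketched in Go as an added example (not code from the KubeStellar Console repository or from the issue author). The names `resolveToken`, `Validator`, `newRequest`, the cookie name `session_token`, the URL and the token values are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// cookieName is an assumed name; the issue does not state the real one.
const cookieName = "session_token"

var errNoValidToken = errors.New("no valid token in header or cookie")

// Validator stands in for the real token check and reports validity.
type Validator func(token string) bool

// resolveToken tries the Authorization header first and uses the cookie only
// when the header token is absent or fails validation. It reports the source.
func resolveToken(r *http.Request, valid Validator) (token, source string, err error) {
	if h := r.Header.Get("Authorization"); h != "" {
		scheme, t, ok := strings.Cut(h, " ")
		t = strings.TrimSpace(t)
		if ok && strings.EqualFold(scheme, "Bearer") && valid(t) {
			return t, "header", nil
		}
	}
	if c, cerr := r.Cookie(cookieName); cerr == nil && valid(c.Value) {
		return c.Value, "cookie", nil
	}
	return "", "", errNoValidToken
}

// newRequest builds the request from the reproduction steps (constructed sample).
func newRequest(headerToken, cookieToken string) *http.Request {
	r, _ := http.NewRequest(http.MethodGet, "http://console.example/api/me", nil)
	if headerToken != "" {
		r.Header.Set("Authorization", "Bearer "+headerToken)
	}
	if cookieToken != "" {
		r.AddCookie(&http.Cookie{Name: cookieName, Value: cookieToken})
	}
	return r
}

func main() {
	valid := func(t string) bool { return t == "token-B" } // constructed: only B is live
	fmt.Println(resolveToken(newRequest("token-A", "token-B"), valid))
}
```

Returning the source lets the middleware log when a stale header was skipped and apply CSRF checks to requests that ended up authenticated by cookie, since browsers attach cookies automatically. Both sources go through the same validator, so a token rejected in the header is equally rejected in the cookie.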