From 48a3fcc5c7c5328e4f03e3c3de240ab4630bb8e9 Mon Sep 17 00:00:00 2001
From: amhsirak
Date: Tue, 6 May 2025 18:44:17 +0530
Subject: [PATCH 1/7] feat: create PgStoreOptions interface

---
 server/src/server.ts | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/server/src/server.ts b/server/src/server.ts
index 58338ff4..e4783643 100644
--- a/server/src/server.ts
+++ b/server/src/server.ts
@@ -39,6 +39,14 @@ const pool = new Pool({
 
 const PgSession = connectPgSimple(session);
 
+interface PgStoreOptions {
+  pool: pg.Pool;
+  tableName: string;
+  createTableIfMissing?: boolean;
+  pruneSessionInterval?: number;
+  errorLog?: (err: Error) => void;
+}
+
 app.use(
   session({
     store: new PgSession({
From 63ad0f99beb74bc21a7c95324afc51d66b1a43b1 Mon Sep 17 00:00:00 2001
From: amhsirak
Date: Tue, 6 May 2025 18:45:38 +0530
Subject: [PATCH 2/7] feat: session store w PgStoreOptions

---
 server/src/server.ts | 30 +++++++++---------------------
 1 file changed, 9 insertions(+), 21 deletions(-)

diff --git a/server/src/server.ts b/server/src/server.ts
index e4783643..1e225e57 100644
--- a/server/src/server.ts
+++ b/server/src/server.ts
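Review bot: `PgStoreOptions` hand-declares a shape that connect-pg-simple's own typings already describe, so the local copy can drift from what the store actually accepts; if `@types/connect-pg-simple` is installed, reusing its exported options type, or deriving one with `ConstructorParameters<typeof PgSession>[0]`, keeps the check honest without a duplicate to maintain. `pool: pg.Pool` also needs a `pg` namespace in scope to compile, and the only import evidence in the context is `new Pool({`, so confirm the import block (outside this hunk) provides it. A one-line TSDoc would make the intent clear, e.g. `/** Options handed to connect-pg-simple's store constructor; mirrors its documented option names. */`.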
@@ -47,27 +47,15 @@ interface PgStoreOptions {
   errorLog?: (err: Error) => void;
 }
 
-app.use(
-  session({
-    store: new PgSession({
-      pool: pool,
-      tableName: 'session',
-      createTableIfMissing: true,
-      pruneSessionInterval: 60 * 60,
-      errorLog: (err: any) => {
-        logger.log('error', `Session store error: ${err}`);
-      },
-    } as any),
-  }),
-  secret: 'mx-session',
-  resave: false, // Do not resave the session if it hasn't changed
-  saveUninitialized: true, // Save new sessions
-  cookie: {
-    secure: false, // Set to true if using HTTPS
-    maxAge: 24 * 60 * 60 * 1000, // 1-day session expiration
-  },
-  })
-);
+const sessionStore = new PgSession({
+  pool: pool,
+  tableName: 'session',
+  createTableIfMissing: true,
+  pruneSessionInterval: 15 * 60,
+  errorLog: (err: Error) => {
+    logger.log('error', `Session store error: ${err.message}`);
+  },
+} as PgStoreOptions);
 
 const server = http.createServer(app);
 
From 9433860b2d9c40c28d2c6e79d3e61e2645b2e0dc Mon Sep 17 00:00:00 2001
From: amhsirak
Date: Tue, 6 May 2025 18:46:05 +0530
Subject: [PATCH 3/7] feat: app.use session store

---
 server/src/server.ts | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/server/src/server.ts b/server/src/server.ts
index 1e225e57..ae055464 100644
--- a/server/src/server.ts
+++ b/server/src/server.ts
@@ -57,6 +57,19 @@ const sessionStore = new PgSession({
   },
 } as PgStoreOptions);
 
+app.use(
+  session({
+    store: sessionStore,
+    secret: 'mx-session',
+    resave: false,
+    saveUninitialized: false,
+    cookie: {
+      secure: process.env.NODE_ENV === 'production',
+      maxAge: 24 * 60 * 60 * 1000,
+    }
+  })
+);
+
 const server = http.createServer(app);
 
 /**
From ae1dda3df9c3a56c36e5e82d8b0d9cda109241c3 Mon Sep 17 00:00:00 2001
From: amhsirak
Date: Tue, 6 May 2025 19:02:55 +0530
Subject: [PATCH 4/7] feat: use SESSION_SECRET env var

---
 server/src/server.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/src/server.ts b/server/src/server.ts
index ae055464..7f2d04d3 100644
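Review bot: `new PgSession({ ... } as PgStoreOptions)` swaps `as any` for an assertion that still bypasses missing- and excess-property checking, so a typo in an option name would go unnoticed; declaring the literal instead, `const storeOptions: PgStoreOptions = { pool, tableName: 'session', /* ... */ };` followed by `const sessionStore = new PgSession(storeOptions);`, gets the full check at no cost. The interval change to `pruneSessionInterval: 15 * 60` carries no unit; connect-pg-simple takes seconds, so `// seconds` on that line would prevent a later reader from treating it as milliseconds. This commit also deletes the `app.use(session(...))` registration and only the following patch restores it, so the series leaves the server without session middleware at this point; squashing the two would keep every commit bisectable.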
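Review bot: `secure: process.env.NODE_ENV === 'production'` only takes effect behind a TLS-terminating reverse proxy if Express is told to trust it; otherwise express-session sees a plain-HTTP request in production and never sets the cookie, so `app.set('trust proxy', 1);` should accompany this block whenever a proxy fronts the server (the deployment topology is not visible here, so confirm). The cookie options leave `sameSite` unset; adding `sameSite: 'lax',` is a cheap CSRF mitigation for a session cookie, and stating `httpOnly: true,` explicitly, although it is express-session's default, stops a later edit from dropping it unnoticed. The literal `'mx-session'` secret on the new `secret:` line is replaced by an environment lookup in the next patch.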
--- a/server/src/server.ts
+++ b/server/src/server.ts
@@ -60,7 +60,7 @@ const sessionStore = new PgSession({
 app.use(
   session({
     store: sessionStore,
-    secret: 'mx-session',
+    secret: process.env.SESSION_SECRET || 'mx-session',
     resave: false,
     saveUninitialized: false,
     cookie: {
From 7fdc38a34c0f8c290085c9f314de1f3664f029b8 Mon Sep 17 00:00:00 2001
From: Karishma Shukla
Date: Tue, 6 May 2025 19:06:46 +0530
Subject: [PATCH 5/7] feat: SESSION_SECRET

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index a16df810..fced1ea5 100644
--- a/README.md
+++ b/README.md
@@ -98,6 +98,7 @@ You can access the frontend at http://localhost:5173/ and backend at http://loca
 | `DB_HOST` | Yes | Host address where the Postgres database server is running. | Database connection will fail. |
 | `DB_PORT` | Yes | Port number used to connect to the Postgres database server. | Database connection will fail. |
 | `ENCRYPTION_KEY` | Yes | Key used for encrypting sensitive data (proxies, passwords). | Encryption functionality will not work. |
+| `SESSION_SECRET` | No | A strong, random string used to sign session cookies | Uses default secret. Recommended to define your own session secret to avoid session hijacking. |
 | `MINIO_ENDPOINT` | Yes | Endpoint URL for MinIO, to store Robot Run Screenshots. | Connection to MinIO storage will fail. |
 | `MINIO_PORT` | Yes | Port number for MinIO service. | Connection to MinIO storage will fail. |
 | `MINIO_CONSOLE_PORT` | No | Port number for MinIO WebUI service. Needed for Docker setup. | Cannot access MinIO Web UI. |
From da8406c65e72f5035d63728aba593e56c107770f Mon Sep 17 00:00:00 2001
From: Karishma Shukla
Date: Tue, 6 May 2025 19:09:40 +0530
Subject: [PATCH 6/7] feat: add SESSION_SECRET

---
 ENVEXAMPLE | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ENVEXAMPLE b/ENVEXAMPLE
index dbe5470c..1e552886 100644
--- a/ENVEXAMPLE
+++ b/ENVEXAMPLE
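Review bot: `secret: process.env.SESSION_SECRET || 'mx-session'` keeps a fallback that is committed to the repository, so a production deployment that merely forgets the variable signs its session cookies with a key anyone who reads the source already has, and nothing in the log will say so. Failing fast closes that gap while keeping the convenience for local runs: `if (process.env.NODE_ENV === 'production' && !process.env.SESSION_SECRET) throw new Error('SESSION_SECRET must be set');` placed before `app.use(`, with the existing fallback left for development only. `||` rather than `??` is the right operator here, since an empty string should also be treated as unset. The enclosing `app.use(session(...))` call continues outside the hunk, and the README row added in the next patch currently documents the default as acceptable, so it would need the same wording update.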
@@ -7,6 +7,7 @@ DB_PASSWORD=postgres # PostgreSQL password
 DB_HOST=postgres # Host for PostgreSQL in Docker
 DB_PORT=5432 # Port for PostgreSQL (default: 5432)
 ENCRYPTION_KEY=f4d5e6a7b8c9d0e1f23456789abcdef01234567890abcdef123456789abcdef0 # Key for encrypting sensitive data (passwords and proxies)
+SESSION_SECRET=maxun_session
 MINIO_ENDPOINT=minio # MinIO endpoint in Docker
 MINIO_PORT=9000 # Port for MinIO (default: 9000)
 MINIO_CONSOLE_PORT=9001 # Web UI Port for MinIO (default: 9001)
From 456c5cc450fab11538178f930a8fadb0f8c1769c Mon Sep 17 00:00:00 2001
From: Karishma Shukla
Date: Tue, 6 May 2025 19:10:24 +0530
Subject: [PATCH 7/7] feat: SESSION_SECRET note

---
 ENVEXAMPLE | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ENVEXAMPLE b/ENVEXAMPLE
index 1e552886..db461f55 100644
--- a/ENVEXAMPLE
+++ b/ENVEXAMPLE
@@ -7,7 +7,8 @@ DB_PASSWORD=postgres # PostgreSQL password
 DB_HOST=postgres # Host for PostgreSQL in Docker
 DB_PORT=5432 # Port for PostgreSQL (default: 5432)
 ENCRYPTION_KEY=f4d5e6a7b8c9d0e1f23456789abcdef01234567890abcdef123456789abcdef0 # Key for encrypting sensitive data (passwords and proxies)
-SESSION_SECRET=maxun_session
+SESSION_SECRET=maxun_session # A strong, random string used to sign session cookies. Recommended to define your own session secret to avoid session hijacking.
+
 MINIO_ENDPOINT=minio # MinIO endpoint in Docker
 MINIO_PORT=9000 # Port for MinIO (default: 9000)
 MINIO_CONSOLE_PORT=9001 # Web UI Port for MinIO (default: 9001)
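Review bot: `SESSION_SECRET=maxun_session` reads like a usable value rather than a placeholder, and ENVEXAMPLE is the file people copy to `.env`, so deployments are likely to go live with this predictable secret, which is exactly the weakness the inline comment added in patch 7 warns about. A value that cannot be mistaken for a real secret makes the expectation explicit, e.g. `SESSION_SECRET=<replace-with-a-long-random-string> # generate one with: openssl rand -hex 32`. The same applies to the line as introduced in patch 6 and as amended in patch 7; the rest of the file is context only.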