firebase sessio cookies (create_session_cookie) working in combination with firebase storage












0















I have firebase authentication running nicely using using the create_session_cookie function in the server SDK.



session_cookie = auth.create_session_cookie(id_token, expires_in=expires_in)
response.set_cookie('session', session_cookie,
expires=expires, httponly=True, secure=False)


This work great to have persistent and secure tokens (secure flag is false as we are still in dev stage). Now here comes the question /problem:



After exploring our options for a while we would like to try out firebase storage such that our firebase authenticated users can directly upload their (very large > 1 GB) files to our firebase storage. while the storage itself is working, request.auth seems to be null (although I did not logout of firebase), while the firebase storage documentation claims I could use this while beeing logged in to firebase:
https://firebase.google.com/docs/storage/security/



Then I discoverd that in the "manage session cookie documentation" actually mentions that




Firebase session cookies cannot be used with other Firebase services
due to their custom validity period




https://firebase.google.com/docs/auth/admin/manage-cookies



It seems stupid but is it realy true that the firebase does not allow to use its own cookie to be used in their storage ??



So my question is can firebase session cookies somehow be used for security rules inside firebase storage, if yes how? If not, what would be the next best option using firebase storage? I really tried a long time to find something, but found nothing.
Thanks.










share|improve this question

























  • Since cookies are server side, you can validate them on your server and use Firebase Admin SDK to access that user's storage after verifying the payload of the session cookie and the user it belongs to.

    – bojeil
    Dec 3 '18 at 23:02
















0















I have firebase authentication running nicely using using the create_session_cookie function in the server SDK.



session_cookie = auth.create_session_cookie(id_token, expires_in=expires_in)
response.set_cookie('session', session_cookie,
expires=expires, httponly=True, secure=False)


This work great to have persistent and secure tokens (secure flag is false as we are still in dev stage). Now here comes the question /problem:



After exploring our options for a while we would like to try out firebase storage such that our firebase authenticated users can directly upload their (very large > 1 GB) files to our firebase storage. while the storage itself is working, request.auth seems to be null (although I did not logout of firebase), while the firebase storage documentation claims I could use this while beeing logged in to firebase:
https://firebase.google.com/docs/storage/security/



Then I discoverd that in the "manage session cookie documentation" actually mentions that




Firebase session cookies cannot be used with other Firebase services
due to their custom validity period




https://firebase.google.com/docs/auth/admin/manage-cookies



It seems stupid but is it realy true that the firebase does not allow to use its own cookie to be used in their storage ??



So my question is can firebase session cookies somehow be used for security rules inside firebase storage, if yes how? If not, what would be the next best option using firebase storage? I really tried a long time to find something, but found nothing.
Thanks.










share|improve this question

























  • Since cookies are server side, you can validate them on your server and use Firebase Admin SDK to access that user's storage after verifying the payload of the session cookie and the user it belongs to.

    – bojeil
    Dec 3 '18 at 23:02














0












0








0








I have firebase authentication running nicely using using the create_session_cookie function in the server SDK.



session_cookie = auth.create_session_cookie(id_token, expires_in=expires_in)
response.set_cookie('session', session_cookie,
expires=expires, httponly=True, secure=False)


This work great to have persistent and secure tokens (secure flag is false as we are still in dev stage). Now here comes the question /problem:



After exploring our options for a while we would like to try out firebase storage such that our firebase authenticated users can directly upload their (very large > 1 GB) files to our firebase storage. while the storage itself is working, request.auth seems to be null (although I did not logout of firebase), while the firebase storage documentation claims I could use this while beeing logged in to firebase:
https://firebase.google.com/docs/storage/security/



Then I discoverd that in the "manage session cookie documentation" actually mentions that




Firebase session cookies cannot be used with other Firebase services
due to their custom validity period




https://firebase.google.com/docs/auth/admin/manage-cookies



It seems stupid but is it realy true that the firebase does not allow to use its own cookie to be used in their storage ??



So my question is can firebase session cookies somehow be used for security rules inside firebase storage, if yes how? If not, what would be the next best option using firebase storage? I really tried a long time to find something, but found nothing.
Thanks.










share|improve this question
















I have firebase authentication running nicely using using the create_session_cookie function in the server SDK.



session_cookie = auth.create_session_cookie(id_token, expires_in=expires_in)
response.set_cookie('session', session_cookie,
expires=expires, httponly=True, secure=False)


This work great to have persistent and secure tokens (secure flag is false as we are still in dev stage). Now here comes the question /problem:



After exploring our options for a while we would like to try out firebase storage such that our firebase authenticated users can directly upload their (very large > 1 GB) files to our firebase storage. while the storage itself is working, request.auth seems to be null (although I did not logout of firebase), while the firebase storage documentation claims I could use this while beeing logged in to firebase:
https://firebase.google.com/docs/storage/security/



Then I discoverd that in the "manage session cookie documentation" actually mentions that




Firebase session cookies cannot be used with other Firebase services
due to their custom validity period




https://firebase.google.com/docs/auth/admin/manage-cookies



It seems stupid but is it realy true that the firebase does not allow to use its own cookie to be used in their storage ??



So my question is can firebase session cookies somehow be used for security rules inside firebase storage, if yes how? If not, what would be the next best option using firebase storage? I really tried a long time to find something, but found nothing.
Thanks.







firebase firebase-authentication session-cookies firebase-storage firebase-security-rules






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 22 '18 at 15:24









Frank van Puffelen

230k28376400




230k28376400










asked Nov 22 '18 at 9:08









Caspar GoekeCaspar Goeke

11




11













  • Since cookies are server side, you can validate them on your server and use Firebase Admin SDK to access that user's storage after verifying the payload of the session cookie and the user it belongs to.

    – bojeil
    Dec 3 '18 at 23:02



















  • Since cookies are server side, you can validate them on your server and use Firebase Admin SDK to access that user's storage after verifying the payload of the session cookie and the user it belongs to.

    – bojeil
    Dec 3 '18 at 23:02

















Since cookies are server side, you can validate them on your server and use Firebase Admin SDK to access that user's storage after verifying the payload of the session cookie and the user it belongs to.

– bojeil
Dec 3 '18 at 23:02





Since cookies are server side, you can validate them on your server and use Firebase Admin SDK to access that user's storage after verifying the payload of the session cookie and the user it belongs to.

– bojeil
Dec 3 '18 at 23:02












0






active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53427294%2ffirebase-sessio-cookies-create-session-cookie-working-in-combination-with-fire%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53427294%2ffirebase-sessio-cookies-create-session-cookie-working-in-combination-with-fire%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Futebolista

Feedback on college project

Albești (Vaslui)