AUTH failed: Cookie is invalid

Hela · May 22, 2025, 9:45am

Hello HedgeDoc Community!

First of all, I read the other topics that share a similar problem but their solutions didn’t help me at all.

My version of HedgeDoc is: 1.10.3

I am deploying HedgeDoc on OKD (openshift community distribution) using Helm with Nginx as a reverse proxy. I got the first page as expected but when i click on the “new guest note” button, the page keeps on loading with no result. When i inspect the page in firefox navigator “AUTH failed: Cookie is invalid” as it’s shown below:

I also inspected the network section that shows the cookie in the request header but not in the response (I think this proves that the cookie is not set in the browser).
When i checked the cookies on the naviagtor i didn’t find one named connect.sid which is supposed to be the default sessionName ( i don’t know if this has to do something with my actual problem).

I followed the official doc to configure hedgedoc and nginx. Here’re the variables/values described in my values.yaml:

  config:
    files: 
      - mountPath: /config.json
        contents: |
         { 
            "csp": {
              "enable": true,
              "directives": {
              },
              "upgradeInsecureRequests": "auto",
              "addDefaults": true,
              "addDisqus": true
            }
         }
    env:
        CMD_CONFIG_FILE: '/config.json'
        CMD_DOMAIN: 'hedgedoc.fr'
        CMD_URL_ADDPORT: 'false'
        CMD_PORT: '9000'
        CMD_DB_DIALECT: 'mariadb'
        CMD_DB_USERNAME: 'hedgedoc_preprod’
        CMD_DB_PORT: ’3306
        CMD_DB_HOST: ‘test.fr'
        CMD_DB_DATABASE: 'hedgedoc_preprod’
        CMD_DB_PASSWORD: ''
        CMD_CSP_ENABLE: 'true'
        CMD_PROTOCOL_USESSL: 'true'
        CMD_USESSL: 'false'
        CMD_LOGLEVEL: 'debug'
        CMD_ALLOW_ORIGIN: '["*"]'
        debug: 'true'
        CMD_TRUST_PROXY: 'true'
        CMD_ALLOW_ANONYMOUS: 'true'
        CMD_ALLOW_ANONYMOUS_EDITS: 'true'
      

nginx:
  enabled: true
  initWithIndex: false
  config:
    templates:
      default.conf.template: |
        map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
        }
        
       "$http_user_agent"';
        server {
          listen      80;
          server_name hedgedoc.apps.fr;
        

          location / {
                  proxy_pass http://hedgedoc:9001;
                  proxy_set_header Host $host;
                  proxy_set_header X-Real-IP $remote_addr;
                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_set_header X-Forwarded-Proto $scheme;
          }
  
          location /socket.io/ {
                  proxy_pass http://hedgedoc-php:9001;
                  proxy_set_header Host $host;
                  proxy_set_header X-Real-IP $remote_addr;
                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_set_header X-Forwarded-Proto $scheme;
                  proxy_set_header Upgrade $http_upgrade;
                  proxy_set_header Connection $connection_upgrade;
          }
         }

Then to deploy HedgeDoc using the values above, i use this command and i add the passwords.secrets that are saved in gitlab CI/CD variables:

helm upgrade --install hedgedoc helm-hedge -f values.yaml --set "imagePullSecrets.gitlab.password=$HEDGEDOC_GIT_PASS" --set "imagePullSecrets.gitlab-registry.password=$HEDGEDOC_GIT_PASS" --set "config.env.CMD_DB_PASSWORD=$CMD_DB_PASSWORD" --set "config.env.CMD_SESSION_SECRET=$CMD_SESSION_SECRET"

PS: to generate the CMD_SESSION_SECRET which is the cookie session secret, i used this command:

openssl rand -hex 32

I know that there’s a variable that’s missing or misconfigured so please help me to figure this out and thank you in advance.