feat: use JWT ticket to avoid DB queries on apps (#6148)

Issue a JWT ticket on the first request with a short expiry that contains details about which workspace/agent/app combo the ticket is valid for.
2025-07-03 16:13:58 +00:00 · 2023-03-08 06:38:11 +11:00
parent f8494d2bac
commit 1bdd2abed7
37 changed files with 2809 additions and 969 deletions
--- a/coderd/httpapi/cookie.go
+++ b/coderd/httpapi/cookie.go
@ -22,7 +22,9 @@ func StripCoderCookies(header string) string {
 		name, _, _ := strings.Cut(part, "=")
 		if name == codersdk.SessionTokenCookie ||
 			name == codersdk.OAuth2StateCookie ||
-			name == codersdk.OAuth2RedirectCookie {
+			name == codersdk.OAuth2RedirectCookie ||
+			name == codersdk.DevURLSessionTokenCookie ||
+			name == codersdk.DevURLSessionTicketCookie {
 			continue
 		}
 		cookies = append(cookies, part)