alex/voyage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #441 from seanmorley15/development

Browse Source 
fix: dynamically set session cookie domain based on request hostname
This commit is contained in:
Sean Morley
2025-01-13 18:15:56 -05:00
committed by GitHub
parent 145a3f00c5 4a36fbb4c1
commit 609f68b10d
2 changed files with 22 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
backend/server/main/settings.py
View File

@@ -135,7 +135,6 @@ frontend_url = getenv('FRONTEND_URL', 'http://localhost:3000')
parsed_url = urlparse(frontend_url) parsed_url = urlparse(frontend_url)
domain_parts = parsed_url.hostname.split('.') domain_parts = parsed_url.hostname.split('.')
SESSION_COOKIE_DOMAIN = '.' + '.'.join(domain_parts[-2:]) if len(domain_parts) > 1 else parsed_url.hostname SESSION_COOKIE_DOMAIN = '.' + '.'.join(domain_parts[-2:]) if len(domain_parts) > 1 else parsed_url.hostname
print(SESSION_COOKIE_DOMAIN)
# Static files (CSS, JavaScript, Images) # Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/1.7/howto/static-files/ # https://docs.djangoproject.com/en/1.7/howto/static-files/

24
frontend/src/routes/login/+page.server.ts
View File

@@ -103,19 +103,39 @@ export const actions: Actions = {
} }
}; };
function handleSuccessfulLogin(event: RequestEvent<RouteParams, '/login'>, response: Response) { function handleSuccessfulLogin(event: RequestEvent, response: Response) {
const setCookieHeader = response.headers.get('Set-Cookie'); const setCookieHeader = response.headers.get('Set-Cookie');
if (setCookieHeader) { if (setCookieHeader) {
const sessionIdRegex = /sessionid=([^;]+).*?expires=([^;]+)/; const sessionIdRegex = /sessionid=([^;]+).*?expires=([^;]+)/;
const match = setCookieHeader.match(sessionIdRegex); const match = setCookieHeader.match(sessionIdRegex);
if (match) { if (match) {
const [, sessionId, expiryString] = match; const [, sessionId, expiryString] = match;
// Get the proper cookie domain
const hostname = event.url.hostname;
const domainParts = hostname.split('.');
let cookieDomain: string | undefined = undefined;
if (domainParts.length > 2) {
// For subdomains like app.mydomain.com -> .mydomain.com
cookieDomain = '.' + domainParts.slice(-2).join('.');
} else if (domainParts.length === 2) {
// For root domains like mydomain.com -> .mydomain.com
cookieDomain = '.' + hostname;
} else {
// For localhost or single-part domains (e.g., "localhost")
cookieDomain = undefined; // Do not set the domain
}
console.log('Setting sessionid cookie with domain:', cookieDomain);
event.cookies.set('sessionid', sessionId, { event.cookies.set('sessionid', sessionId, {
path: '/', path: '/',
httpOnly: true, httpOnly: true,
sameSite: 'lax', sameSite: 'lax',
secure: event.url.protocol === 'https:', secure: event.url.protocol === 'https:',
expires: new Date(expiryString) expires: new Date(expiryString),
domain: cookieDomain // Set the domain dynamically
}); });
} }
} }