From 4a36fbb4c1a176161ca7339d6d22bf7851a0ceb0 Mon Sep 17 00:00:00 2001
From: Sean Morley
Date: Mon, 13 Jan 2025 18:06:16 -0500
Subject: [PATCH] fix: dynamically set session cookie domain based on request hostname

---
 backend/server/main/settings.py | 1 -
 frontend/src/routes/login/+page.server.ts | 24 +++++++++++++++++++++--
 2 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/backend/server/main/settings.py b/backend/server/main/settings.py
index 4129409..32e1a07 100644
--- a/backend/server/main/settings.py
+++ b/backend/server/main/settings.py
@@ -135,7 +135,6 @@ frontend_url = getenv('FRONTEND_URL', 'http://localhost:3000')
 parsed_url = urlparse(frontend_url)
 domain_parts = parsed_url.hostname.split('.')
 SESSION_COOKIE_DOMAIN = '.' + '.'.join(domain_parts[-2:]) if len(domain_parts) > 1 else parsed_url.hostname
-print(SESSION_COOKIE_DOMAIN)
 
 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/1.7/howto/static-files/
diff --git a/frontend/src/routes/login/+page.server.ts b/frontend/src/routes/login/+page.server.ts
index a57865c..6452180 100644
--- a/frontend/src/routes/login/+page.server.ts
+++ b/frontend/src/routes/login/+page.server.ts
@@ -103,19 +103,39 @@ export const actions: Actions = {
 }
 };
 
-function handleSuccessfulLogin(event: RequestEvent, response: Response) {
+function handleSuccessfulLogin(event: RequestEvent, response: Response) {
 const setCookieHeader = response.headers.get('Set-Cookie');
 if (setCookieHeader) {
 const sessionIdRegex = /sessionid=([^;]+).*?expires=([^;]+)/;
 const match = setCookieHeader.match(sessionIdRegex);
 if (match) {
 const [, sessionId, expiryString] = match;
+
+ // Get the proper cookie domain
+ const hostname = event.url.hostname;
+ const domainParts = hostname.split('.');
+ let cookieDomain: string | undefined = undefined;
+
+ if (domainParts.length > 2) {
+ // For subdomains like app.mydomain.com -> .mydomain.com
+ cookieDomain = '.' + domainParts.slice(-2).join('.');
+ } else if (domainParts.length === 2) {
+ // For root domains like mydomain.com -> .mydomain.com
+ cookieDomain = '.' + hostname;
+ } else {
+ // For localhost or single-part domains (e.g., "localhost")
+ cookieDomain = undefined; // Do not set the domain
+ }
+
+ console.log('Setting sessionid cookie with domain:', cookieDomain);
+
 event.cookies.set('sessionid', sessionId, {
 path: '/',
 httpOnly: true,
 sameSite: 'lax',
 secure: event.url.protocol === 'https:',
- expires: new Date(expiryString)
+ expires: new Date(expiryString),
+ domain: cookieDomain // Set the domain dynamically
 });
 }
 }
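Review bot: The two-label heuristic in the `domainParts.length > 2` branch yields an invalid or over-broad Domain attribute for common hostnames: an IPv4 host such as `192.0.2.10` becomes `.2.10`, and a host under a multi-label public suffix such as `app.example.co.uk` becomes `.co.uk`, both of which browsers reject, so the session cookie is silently never stored and login fails even though the backend returned 200. A cheap guard for the IP case is `const isIpv4 = /^\d+(\.\d+){3}$/.test(hostname);` followed by `if (!isIpv4 && domainParts.length > 2) {`; the public-suffix case cannot be solved by counting labels and is better handled by an explicitly configured cookie domain that falls back to this heuristic only when unset. Any Domain value also widens the cookie to every sibling subdomain, so the host-only (undefined) form is the narrower default whenever frontend and API share a hostname, and since `event.url.hostname` is, in the node adapter at least, derived from the request's Host header unless ORIGIN is pinned, the value being computed here is request-controlled and worth treating as such. The `console.log` on every login is leftover debug output much like the `print` this same commit removes from settings.py; drop it or route it through the application logger at debug level. handleSuccessfulLogin's closing brace lies past the end of the hunk.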