Docker/AdventureLog
Docker/AdventureLog
1
0
Fork 0
mirror of https://github.com/seanmorley15/AdventureLog.git synced 2025-07-21 22:09:36 +02:00
Code Issues Releases Activity

fix: dynamically set session cookie domain based on request hostname

Browse source
This commit is contained in:
Sean Morley 2025-01-13 18:06:16 -05:00
parent 062111d7fe
commit 4a36fbb4c1
2 changed files with 22 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
backend/server/main/settings.py
View file

@ -135,7 +135,6 @@ frontend_url = getenv('FRONTEND_URL', 'http://localhost:3000')
parsed_url = urlparse(frontend_url) parsed_url = urlparse(frontend_url)
domain_parts = parsed_url.hostname.split('.') domain_parts = parsed_url.hostname.split('.')
SESSION_COOKIE_DOMAIN = '.' + '.'.join(domain_parts[-2:]) if len(domain_parts) > 1 else parsed_url.hostname SESSION_COOKIE_DOMAIN = '.' + '.'.join(domain_parts[-2:]) if len(domain_parts) > 1 else parsed_url.hostname
print(SESSION_COOKIE_DOMAIN)
# Static files (CSS, JavaScript, Images) # Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/1.7/howto/static-files/ # https://docs.djangoproject.com/en/1.7/howto/static-files/

24
frontend/src/routes/login/+page.server.ts
View file

@ -103,19 +103,39 @@ export const actions: Actions = {
} }
}; };
function handleSuccessfulLogin(event: RequestEvent<RouteParams, '/login'>, response: Response) { function handleSuccessfulLogin(event: RequestEvent, response: Response) {
const setCookieHeader = response.headers.get('Set-Cookie'); const setCookieHeader = response.headers.get('Set-Cookie');
if (setCookieHeader) { if (setCookieHeader) {
const sessionIdRegex = /sessionid=([^;]+).*?expires=([^;]+)/; const sessionIdRegex = /sessionid=([^;]+).*?expires=([^;]+)/;
const match = setCookieHeader.match(sessionIdRegex); const match = setCookieHeader.match(sessionIdRegex);
if (match) { if (match) {
const [, sessionId, expiryString] = match; const [, sessionId, expiryString] = match;
// Get the proper cookie domain
const hostname = event.url.hostname;
const domainParts = hostname.split('.');
let cookieDomain: string | undefined = undefined;
if (domainParts.length > 2) {
// For subdomains like app.mydomain.com -> .mydomain.com
cookieDomain = '.' + domainParts.slice(-2).join('.');
} else if (domainParts.length === 2) {
// For root domains like mydomain.com -> .mydomain.com
cookieDomain = '.' + hostname;
} else {
// For localhost or single-part domains (e.g., "localhost")
cookieDomain = undefined; // Do not set the domain
}
console.log('Setting sessionid cookie with domain:', cookieDomain);
event.cookies.set('sessionid', sessionId, { event.cookies.set('sessionid', sessionId, {
path: '/', path: '/',
httpOnly: true, httpOnly: true,
sameSite: 'lax', sameSite: 'lax',
secure: event.url.protocol === 'https:', secure: event.url.protocol === 'https:',
expires: new Date(expiryString) expires: new Date(expiryString),
domain: cookieDomain // Set the domain dynamically
}); });
} }
} }