mirror of
https://github.com/seanmorley15/AdventureLog.git
synced 2025-07-21 22:09:36 +02:00
fix: dynamically set session cookie domain based on request hostname
This commit is contained in:
Sean Morley
parent
062111d7fe
commit
4a36fbb4c1
2 changed files with 22 additions and 3 deletions
|
|
@ -135,7 +135,6 @@ frontend_url = getenv('FRONTEND_URL', 'http://localhost:3000')
|
|||
parsed_url = urlparse(frontend_url)
|
||||
domain_parts = parsed_url.hostname.split('.')
|
||||
SESSION_COOKIE_DOMAIN = '.' + '.'.join(domain_parts[-2:]) if len(domain_parts) > 1 else parsed_url.hostname
|
||||
print(SESSION_COOKIE_DOMAIN)
|
||||
|
||||
# Static files (CSS, JavaScript, Images)
|
||||
# https://docs.djangoproject.com/en/1.7/howto/static-files/
|
||||
|
|
|
|||
|
|
@ -103,19 +103,39 @@ export const actions: Actions = {
|
|||
}
|
||||
};
|
||||
|
||||
function handleSuccessfulLogin(event: RequestEvent<RouteParams, '/login'>, response: Response) {
|
||||
function handleSuccessfulLogin(event: RequestEvent, response: Response) {
|
||||
const setCookieHeader = response.headers.get('Set-Cookie');
|
||||
if (setCookieHeader) {
|
||||
const sessionIdRegex = /sessionid=([^;]+).*?expires=([^;]+)/;
|
||||
const match = setCookieHeader.match(sessionIdRegex);
|
||||
if (match) {
|
||||
const [, sessionId, expiryString] = match;
|
||||
|
||||
// Get the proper cookie domain
|
||||
const hostname = event.url.hostname;
|
||||
const domainParts = hostname.split('.');
|
||||
let cookieDomain: string | undefined = undefined;
|
||||
|
||||
if (domainParts.length > 2) {
|
||||
// For subdomains like app.mydomain.com -> .mydomain.com
|
||||
cookieDomain = '.' + domainParts.slice(-2).join('.');
|
||||
} else if (domainParts.length === 2) {
|
||||
// For root domains like mydomain.com -> .mydomain.com
|
||||
cookieDomain = '.' + hostname;
|
||||
} else {
|
||||
// For localhost or single-part domains (e.g., "localhost")
|
||||
cookieDomain = undefined; // Do not set the domain
|
||||
}
|
||||
|
||||
console.log('Setting sessionid cookie with domain:', cookieDomain);
|
||||
|
||||
event.cookies.set('sessionid', sessionId, {
|
||||
path: '/',
|
||||
httpOnly: true,
|
||||
sameSite: 'lax',
|
||||
secure: event.url.protocol === 'https:',
|
||||
expires: new Date(expiryString)
|
||||
expires: new Date(expiryString),
|
||||
domain: cookieDomain // Set the domain dynamically
|
||||
});
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue