Docker/AdventureLog
Docker/AdventureLog
1
0
Fork 0
mirror of https://github.com/seanmorley15/AdventureLog.git synced 2025-08-05 05:05:17 +02:00
Code Issues Releases Activity

feat: Update session cookie domain handling using publicsuffix2 and psl libraries

Browse source
This commit is contained in:
Sean Morley 2025-01-26 20:06:47 -05:00
parent 6a5bfbda2d
commit d326d38329
5 changed files with 44 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

23
frontend/src/routes/login/+page.server.ts
View file

@ -1,5 +1,6 @@
import { fail, redirect, type RequestEvent } from '@sveltejs/kit';
// @ts-ignore
import psl from 'psl';
import type { Actions, PageServerLoad, RouteParams } from './$types';
import { getRandomBackground, getRandomQuote } from '$lib';
import { fetchCSRFToken } from '$lib/index.server';
@ -105,7 +106,7 @@ export const actions: Actions = {
}
};
function handleSuccessfulLogin(event: RequestEvent, response: Response) {
function handleSuccessfulLogin(event: RequestEvent<RouteParams, '/login'>, response: Response) {
const setCookieHeader = response.headers.get('Set-Cookie');
if (setCookieHeader) {
const sessionIdRegex = /sessionid=([^;]+).*?expires=([^;]+)/;
@ -113,24 +114,22 @@ function handleSuccessfulLogin(event: RequestEvent, response: Response) {
if (match) {
const [, sessionId, expiryString] = match;
// Get the proper cookie domain
// Get the proper cookie domain using psl
const hostname = event.url.hostname;
const domainParts = hostname.split('.');
let cookieDomain: string | undefined = undefined;
let cookieDomain;
// Check if hostname is an IP address
const isIPAddress = /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname);
if (!isIPAddress) {
if (domainParts.length > 2) {
// For subdomains like app.mydomain.com -> .mydomain.com
cookieDomain = '.' + domainParts.slice(-2).join('.');
} else if (domainParts.length === 2) {
// For root domains like mydomain.com -> .mydomain.com
cookieDomain = '.' + hostname;
const parsed = psl.parse(hostname);
if (parsed && parsed.domain) {
// Use the parsed domain (e.g., mydomain.com)
cookieDomain = `.${parsed.domain}`;
}
}
// Do not set a domain for IP addresses or single-part hostnames
// Do not set a domain for IP addresses or invalid hostnames
console.log('Setting sessionid cookie with domain:', cookieDomain);