Docker/AdventureLog
Docker/AdventureLog
1
0
Fork 0
mirror of https://github.com/seanmorley15/AdventureLog.git synced 2025-07-21 22:09:36 +02:00
Code Issues Releases Activity

feat: Refactor session cookie domain handling to use psl for improved domain parsing

Browse source
This commit is contained in:
Sean Morley 2025-01-26 20:18:50 -05:00
parent d326d38329
commit f5dc0ceb0a
3 changed files with 11 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

3
backend/server/main/settings.py
View file

@ -152,9 +152,6 @@ else:
# Fallback to the hostname if parsing fails # Fallback to the hostname if parsing fails
SESSION_COOKIE_DOMAIN = hostname SESSION_COOKIE_DOMAIN = hostname
print("SESSION_COOKIE_DOMAIN:", SESSION_COOKIE_DOMAIN)
# Static files (CSS, JavaScript, Images) # Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/1.7/howto/static-files/ # https://docs.djangoproject.com/en/1.7/howto/static-files/

22
frontend/src/routes/+page.server.ts
View file

@ -1,5 +1,7 @@
const PUBLIC_SERVER_URL = process.env['PUBLIC_SERVER_URL']; const PUBLIC_SERVER_URL = process.env['PUBLIC_SERVER_URL'];
import { redirect, type Actions } from '@sveltejs/kit'; import { redirect, type Actions } from '@sveltejs/kit';
// @ts-ignore
import psl from 'psl';
import { themes } from '$lib'; import { themes } from '$lib';
import { fetchCSRFToken } from '$lib/index.server'; import { fetchCSRFToken } from '$lib/index.server';
import type { PageServerLoad } from './$types'; import type { PageServerLoad } from './$types';
@ -43,23 +45,21 @@ export const actions: Actions = {
credentials: 'include' credentials: 'include'
}); });
// Determine the proper cookie domain // Get the proper cookie domain using psl
const hostname = event.url.hostname; const hostname = event.url.hostname;
const domainParts = hostname.split('.'); let cookieDomain;
// Check if hostname is an IP address
const isIPAddress = /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname); const isIPAddress = /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname);
let cookieDomain: string | undefined = undefined;
if (!isIPAddress) { if (!isIPAddress) {
// Handle domain names const parsed = psl.parse(hostname);
if (domainParts.length > 2) {
// For subdomains like app.mydomain.com -> .mydomain.com if (parsed && parsed.domain) {
cookieDomain = '.' + domainParts.slice(-2).join('.'); // Use the parsed domain (e.g., mydomain.com)
} else if (domainParts.length === 2) { cookieDomain = `.${parsed.domain}`;
// For root domains like mydomain.com -> .mydomain.com
cookieDomain = '.' + hostname;
} }
} }
// No domain is set for IP addresses or single-part hostnames like "localhost"
// Delete the session cookie // Delete the session cookie
event.cookies.delete('sessionid', { event.cookies.delete('sessionid', {

2
frontend/src/routes/login/+page.server.ts
View file

@ -131,8 +131,6 @@ function handleSuccessfulLogin(event: RequestEvent<RouteParams, '/login'>, respo
} }
// Do not set a domain for IP addresses or invalid hostnames // Do not set a domain for IP addresses or invalid hostnames
console.log('Setting sessionid cookie with domain:', cookieDomain);
event.cookies.set('sessionid', sessionId, { event.cookies.set('sessionid', sessionId, {
path: '/', path: '/',
httpOnly: true, httpOnly: true,