mirror of
https://github.com/seanmorley15/AdventureLog.git
synced 2025-07-21 22:09:36 +02:00
feat: Refactor session cookie domain handling to use psl for improved domain parsing
This commit is contained in:
Sean Morley
parent
d326d38329
commit
f5dc0ceb0a
3 changed files with 11 additions and 16 deletions
|
|
@ -152,9 +152,6 @@ else:
|
|||
# Fallback to the hostname if parsing fails
|
||||
SESSION_COOKIE_DOMAIN = hostname
|
||||
|
||||
print("SESSION_COOKIE_DOMAIN:", SESSION_COOKIE_DOMAIN)
|
||||
|
||||
|
||||
# Static files (CSS, JavaScript, Images)
|
||||
# https://docs.djangoproject.com/en/1.7/howto/static-files/
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,7 @@
|
|||
const PUBLIC_SERVER_URL = process.env['PUBLIC_SERVER_URL'];
|
||||
import { redirect, type Actions } from '@sveltejs/kit';
|
||||
// @ts-ignore
|
||||
import psl from 'psl';
|
||||
import { themes } from '$lib';
|
||||
import { fetchCSRFToken } from '$lib/index.server';
|
||||
import type { PageServerLoad } from './$types';
|
||||
|
|
@ -43,23 +45,21 @@ export const actions: Actions = {
|
|||
credentials: 'include'
|
||||
});
|
||||
|
||||
// Determine the proper cookie domain
|
||||
// Get the proper cookie domain using psl
|
||||
const hostname = event.url.hostname;
|
||||
const domainParts = hostname.split('.');
|
||||
let cookieDomain;
|
||||
|
||||
// Check if hostname is an IP address
|
||||
const isIPAddress = /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname);
|
||||
let cookieDomain: string | undefined = undefined;
|
||||
|
||||
if (!isIPAddress) {
|
||||
// Handle domain names
|
||||
if (domainParts.length > 2) {
|
||||
// For subdomains like app.mydomain.com -> .mydomain.com
|
||||
cookieDomain = '.' + domainParts.slice(-2).join('.');
|
||||
} else if (domainParts.length === 2) {
|
||||
// For root domains like mydomain.com -> .mydomain.com
|
||||
cookieDomain = '.' + hostname;
|
||||
const parsed = psl.parse(hostname);
|
||||
|
||||
if (parsed && parsed.domain) {
|
||||
// Use the parsed domain (e.g., mydomain.com)
|
||||
cookieDomain = `.${parsed.domain}`;
|
||||
}
|
||||
}
|
||||
// No domain is set for IP addresses or single-part hostnames like "localhost"
|
||||
|
||||
// Delete the session cookie
|
||||
event.cookies.delete('sessionid', {
|
||||
|
|
|
|||
|
|
@ -131,8 +131,6 @@ function handleSuccessfulLogin(event: RequestEvent<RouteParams, '/login'>, respo
|
|||
}
|
||||
// Do not set a domain for IP addresses or invalid hostnames
|
||||
|
||||
console.log('Setting sessionid cookie with domain:', cookieDomain);
|
||||
|
||||
event.cookies.set('sessionid', sessionId, {
|
||||
path: '/',
|
||||
httpOnly: true,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue