Merge pull request #441 from seanmorley15/development

fix: dynamically set session cookie domain based on request hostname

backend/server/main/settings.py

@@ -135,7 +135,6 @@
 parsed_url = urlparse(frontend_url)
 domain_parts = parsed_url.hostname.split('.')
 SESSION_COOKIE_DOMAIN = '.' + '.'.join(domain_parts[-2:]) if len(domain_parts) > 1 else parsed_url.hostname
-print(SESSION_COOKIE_DOMAIN)
 
 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/1.7/howto/static-files/

frontend/src/routes/login/+page.server.ts

@@ -103,19 +103,39 @@ export const actions: Actions = {
 	}
 };
 
-function handleSuccessfulLogin(event: RequestEvent<RouteParams, '/login'>, response: Response) {
+function handleSuccessfulLogin(event: RequestEvent, response: Response) {
 	const setCookieHeader = response.headers.get('Set-Cookie');
 	if (setCookieHeader) {
 		const sessionIdRegex = /sessionid=([^;]+).*?expires=([^;]+)/;
 		const match = setCookieHeader.match(sessionIdRegex);
 		if (match) {
 			const [, sessionId, expiryString] = match;
+
+			// Get the proper cookie domain
+			const hostname = event.url.hostname;
+			const domainParts = hostname.split('.');
+			let cookieDomain: string | undefined = undefined;
+
+			if (domainParts.length > 2) {
+				// For subdomains like app.mydomain.com -> .mydomain.com
+				cookieDomain = '.' + domainParts.slice(-2).join('.');
+			} else if (domainParts.length === 2) {
+				// For root domains like mydomain.com -> .mydomain.com
+				cookieDomain = '.' + hostname;
+			} else {
+				// For localhost or single-part domains (e.g., "localhost")
+				cookieDomain = undefined; // Do not set the domain
+			}
+
+			console.log('Setting sessionid cookie with domain:', cookieDomain);
+
 			event.cookies.set('sessionid', sessionId, {
 				path: '/',
 				httpOnly: true,
 				sameSite: 'lax',
 				secure: event.url.protocol === 'https:',
-				expires: new Date(expiryString)
+				expires: new Date(expiryString),
+				domain: cookieDomain // Set the domain dynamically
 			});
 		}
 	}