Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is there any way to set cookie domain per request rather than per server launch? #188

Open
Kumagor0 opened this issue Nov 13, 2019 · 6 comments
Open

Is there any way to set cookie domain per request rather than per server launch? #188

Kumagor0 opened this issue Nov 13, 2019 · 6 comments

Comments

@Kumagor0
Copy link

Kumagor0 commented Nov 13, 2019
edited

Right now I have the following code in my index.js:

const Koa = require('koa');
const session = require('koa-session');

const app = new Koa();

app.use(
  session(
    {
      key: SSID,
      maxAge: SESSION_TTL,
      rolling: true,
      httpOnly: true,
      store: SessionStore,
      domain: DOMAIN,
    },
    app
  )
);

The problem is, it sets domain once and for all and then passes that value to ctx.cookie.set() every time. What I need is customizable cookie domain based on request values like hostname or query etc. I can elaborate on the use case I need that for, if that's of any relevance. I don't see how can I do that currently, but I found a solution which basically creates new koa-session middleware on every request:

app.use(async (ctx, next) => {
  const { cookieDomain } = ctx.query;

  await session(
    {
      key: SSID,
      maxAge: SESSION_TTL,
      rolling: true,
      httpOnly: true,
      store: SessionStore,
      domain: cookieDomain || DOMAIN,
    },
    app
  )(ctx, next);
});

This would work, but unfortunately 2 out of 3 properties defined here have configurable set to false implicitly, so on the second request I get "TypeError: Cannot redefine property: sessionOptions" error.

So, I have 3 questions:

  1. Is there any way to achieve what I need with koa-session right now that I've missed?

  2. If previous answer is "no", is there any real reason sessionOptions and [CONTEXT_SESSION] are non-configurable?

  3. If previous answer is "no", can it be changed to configurable? What needs to be done for that (do I need to submit PR or something)?
@Natouriano
Copy link

@Kumagor0 .. I'm facing the same issue.. did you have any luck with resolving this?

@Kumagor0
Copy link
Author

Kumagor0 commented Dec 17, 2019
edited

@Natouriano no, not yet. Fortunately that's not a pressing matter for me, but if it was, I'd just fork this repo, make the changes I proposed in the original post, publish it under a new name and use that package instead of koa-session.

@olso
Copy link

olso commented Dec 25, 2019

This seems to do the job https://github.com/Secbone/koa-session2

@Kumagor0
Copy link
Author

@olso Does it? Because looking at the docs,

app.use(session({
    key: "SESSIONID",   //default "koa:sess"
}));

looks like setting all options once and for all.

@olso
Copy link

olso commented Dec 27, 2019
edited

What prevents you from wrapping it and forwarding ctx,next? This is per request @Kumagor0

Screenshot 2019-12-27 at 18 50 49

My issue with koa-session is that you have to pass the Koa instance into it.

@rahulgi rahulgi mentioned this issue Apr 23, 2024
Draft
@rahulgi
Copy link

rahulgi commented Apr 23, 2024

Created a draft PR to support modifying the cookie domain on a per-request basis - #227

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rahulgi @Natouriano @olso @Kumagor0