Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Reissue updated cookie when cookie domain setting changes

See original GitHub issue

I have an application that has been issuing session cookies without the domain option set. Now I would like to add a domain option (for subdomain support), and then tell clients to remove their old cookie and set a new cookie that contains the domain.

The only way I’ve been able to get around this is doing the following:

Setting the rolling option to true
Manually setting request.session.cookie.domain on every request.
In my case: Manually set Set-Cookie with a Expires value in the past, in order for the old cookie to expire. Some browsers, such as Chrome, will keep both cookies as they are valid for several domains. This will make sure the old cookie is removed, and a new one is set with the new domain.

This approach feels like a hack, especially as I don’t want to send a Set-Cookie header on every request. What I’d like to achieve is that the old cookie is unset once, and that the new cookie is set once when the domain option has changed.

Is there a better way to achieve what I want?

Issue Analytics

State:
Created 6 years ago
Comments:5 (2 by maintainers)

Top GitHub Comments

1reaction

dougwilsoncommented, Dec 21, 2017

Hi @bruun we can always improve the documentation 👍 not 100% sure I understand your comment though; you’re free to alter the contents of req.session.cookie as much as you want, which is pretty much what that documentation link says.

But yes, simply altering that I don’t think causes a set-cookie to be generated by itself; if you have another setting that would trigger the set-cookie to appear (like rolling: true) then it should set with the alterations you made in that object, otherwise it will get set the next time a condition appears that will cause a set-cookie based on your settings.

0reactions

bruuncommented, Dec 21, 2017

My problem was that I assumed that any changes to a user’s session cookie would trigger a set-cookie in the response, which I understand was a wrong assumption. Thanks for taking the time to answer @dougwilson , I’ll close this issue now as I feel confident that the solution I ended up with is more than good enough.

Top Results From Across the Web

Setting ServiceStack Cookie Domain in Web.Config Causes ...

Cookies are being set, and they are set with the new session id on every request.

session_set_cookie_params - Manual - PHP

This function updates the runtime ini values of the corresponding PHP ini configuration keys which can be retrieved with the ini_get(). Parameters ¶....

Document.cookie - Web APIs | MDN

The Document property cookie lets you read and write cookies associated with the document. It serves as a getter and setter for the...

DNS: Troubleshooting Guide - Domain.com

This article offers troubleshooting tips for overcoming typical domain issues. It also provides a simplified explanation of how DNS works.

KB5014754—Certificate-based authentication changes on ...

Update all servers that run Active Directory Certificate Services and Windows domain controllers that service certificate-based authentication with the May ...