
Enforce __session name for cookie #8014

Merged
merged 3 commits into from May 1, 2024
20 changes: 12 additions & 8 deletions src/content/docs/en/guides/backend/google-firebase.mdx
Expand Up @@ -219,14 +219,18 @@ export const GET: APIRoute = async ({ request, cookies, redirect }) => {
expiresIn: fiveDays,
});

cookies.set("session", sessionCookie, {
cookies.set("__session", sessionCookie, {
path: "/",
});

return redirect("/dashboard");
};
```

:::caution
Firebase only allows the use of [one cookie, and it must be named `__session`](https://firebase.google.com/docs/hosting/manage-cache#using_cookies). Any other cookies the client sends will not be visible to your application.
:::

:::note
This is a basic implementation of the signin endpoint. You can add more logic to this endpoint to suit your needs.
:::
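Review bot: the `cookies.set("__session", sessionCookie, { path: "/" })` call in this hunk passes only `path`, so the session cookie is sent over plain HTTP and is readable from page scripts; since this is the snippet readers will copy, add `httpOnly: true`, `secure: true` and `sameSite: "strict"` (or `"lax"`) to the options object, e.g. `cookies.set("__session", sessionCookie, { path: "/", httpOnly: true, secure: true, sameSite: "strict" });`, and consider a `maxAge` that matches the `expiresIn: fiveDays` used when the session cookie is created. Separately, the new `:::caution` could state that the single-cookie `__session` rule is a Firebase Hosting CDN behaviour (the linked page is the Hosting cache guide), so readers deploying the Astro app elsewhere understand why the rename matters.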
Expand All @@ -237,7 +241,7 @@ This is a basic implementation of the signin endpoint. You can add more logic to
import type { APIRoute } from "astro";

export const GET: APIRoute = async ({ redirect, cookies }) => {
cookies.delete("session", {
cookies.delete("__session", {
path: "/",
});
return redirect("/signin");
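Review bot: `cookies.delete("__session", { path: "/" })` only removes the cookie from the browser; the Firebase session cookie itself remains valid until its `expiresIn` window elapses, so a copy of it would still pass `verifySessionCookie` after sign-out. If the guide wants sign-out to end the session server-side, the endpoint should also call `auth.revokeRefreshTokens(uid)` for the signed-out user (verifying the cookie first to obtain the uid) and the page checks should pass `checkRevoked`. The `path: "/"` here does match the path used in `cookies.set`, which is required for the browser to actually drop the cookie.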
Expand Down Expand Up @@ -355,8 +359,8 @@ import Layout from "../layouts/Layout.astro";

/* Check if the user is authenticated */
const auth = getAuth(app);
if (Astro.cookies.has("session")) {
const sessionCookie = Astro.cookies.get("session").value;
if (Astro.cookies.has("__session")) {
const sessionCookie = Astro.cookies.get("__session").value;
const decodedCookie = await auth.verifySessionCookie(sessionCookie);
if (decodedCookie) {
return Astro.redirect("/dashboard");
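Review bot: `auth.verifySessionCookie(sessionCookie)` rejects (throws) for an expired, tampered or otherwise invalid cookie rather than resolving to a falsy value, so the `if (decodedCookie)` guard never exercises its negative case and a visitor holding a stale `__session` cookie gets a server error on the sign-in page instead of the form. Wrap the verification in `try { ... } catch { /* fall through and render the form */ }` and drop the redundant truthiness check.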
Expand Down Expand Up @@ -432,10 +436,10 @@ import Layout from "../layouts/Layout.astro";
const auth = getAuth(app);

/* Check current session */
if (!Astro.cookies.has("session")) {
if (!Astro.cookies.has("__session")) {
return Astro.redirect("/signin");
}
const sessionCookie = Astro.cookies.get("session").value;
const sessionCookie = Astro.cookies.get("__session").value;
const decodedCookie = await auth.verifySessionCookie(sessionCookie);
const user = await auth.getUser(decodedCookie.uid);

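Review bot: on this protected page the renamed `__session` cookie is verified with `auth.verifySessionCookie(sessionCookie)` and no error handling: an invalid cookie produces a 500 rather than a redirect to `/signin`, and a revoked session is still accepted because the second argument (`checkRevoked`) is not passed. Suggest `let decodedCookie; try { decodedCookie = await auth.verifySessionCookie(sessionCookie, true); } catch { return Astro.redirect("/signin"); }` so that the cookie-name change is paired with a failure path consistent with the `!Astro.cookies.has("__session")` branch just above it.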
Expand Down Expand Up @@ -473,8 +477,8 @@ import Layout from "../layouts/Layout.astro";

/* Check if the user is authenticated */
const auth = getAuth(app);
if (Astro.cookies.has("session")) {
const sessionCookie = Astro.cookies.get("session").value;
if (Astro.cookies.has("__session")) {
const sessionCookie = Astro.cookies.get("__session").value;
const decodedCookie = await auth.verifySessionCookie(sessionCookie);
if (decodedCookie) {
return Astro.redirect("/dashboard");
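Review bot: this block is identical to the sign-in page hunk earlier in the diff (`has("__session")`, `get("__session").value`, `verifySessionCookie`, redirect to `/dashboard`) and shares its unhandled-rejection problem; rather than fixing it in two places, consider extracting a small helper in the guide, for example a `getVerifiedSession(Astro.cookies)` function, and calling it from both pages so the `__session` name and the error handling live in one spot.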