Enforce __session name for cookie (withastro#8014)

Co-authored-by: Luiz Ferraz <luiz@lferraz.com> Co-authored-by: Sarah Rainsberger <sarah@rainsberger.ca>
wpplumber · May 9, 2024 · 8eeb45f · 8eeb45f
1 parent a3d1b7c
commit 8eeb45f
Showing 1 changed file with 12 additions and 8 deletions.
diff --git a/src/content/docs/en/guides/backend/google-firebase.mdx b/src/content/docs/en/guides/backend/google-firebase.mdx
@@ -219,14 +219,18 @@ export const GET: APIRoute = async ({ request, cookies, redirect }) => {
     expiresIn: fiveDays,
   });
 
-  cookies.set("session", sessionCookie, {
+  cookies.set("__session", sessionCookie, {
     path: "/",
   });
 
   return redirect("/dashboard");
 };
 ```
 
+:::caution
+Firebase only allows the use of [one cookie, and it must be named `__session`](https://firebase.google.com/docs/hosting/manage-cache#using_cookies). Any other cookies the client sends will not be visible to your application.
+:::
+
 :::note
 This is a basic implementation of the signin endpoint. You can add more logic to this endpoint to suit your needs.
 :::
@@ -237,7 +241,7 @@ This is a basic implementation of the signin endpoint. You can add more logic to
 import type { APIRoute } from "astro";
 
 export const GET: APIRoute = async ({ redirect, cookies }) => {
-  cookies.delete("session", {
+  cookies.delete("__session", {
     path: "/",
   });
   return redirect("/signin");
@@ -355,8 +359,8 @@ import Layout from "../layouts/Layout.astro";
 
 /* Check if the user is authenticated */
 const auth = getAuth(app);
-if (Astro.cookies.has("session")) {
-  const sessionCookie = Astro.cookies.get("session").value;
+if (Astro.cookies.has("__session")) {
+  const sessionCookie = Astro.cookies.get("__session").value;
   const decodedCookie = await auth.verifySessionCookie(sessionCookie);
   if (decodedCookie) {
     return Astro.redirect("/dashboard");
@@ -432,10 +436,10 @@ import Layout from "../layouts/Layout.astro";
 const auth = getAuth(app);
 
 /* Check current session */
-if (!Astro.cookies.has("session")) {
+if (!Astro.cookies.has("__session")) {
   return Astro.redirect("/signin");
 }
-const sessionCookie = Astro.cookies.get("session").value;
+const sessionCookie = Astro.cookies.get("__session").value;
 const decodedCookie = await auth.verifySessionCookie(sessionCookie);
 const user = await auth.getUser(decodedCookie.uid);
 
@@ -473,8 +477,8 @@ import Layout from "../layouts/Layout.astro";
 
 /* Check if the user is authenticated */
 const auth = getAuth(app);
-if (Astro.cookies.has("session")) {
-  const sessionCookie = Astro.cookies.get("session").value;
+if (Astro.cookies.has("__session")) {
+  const sessionCookie = Astro.cookies.get("__session").value;
   const decodedCookie = await auth.verifySessionCookie(sessionCookie);
   if (decodedCookie) {
     return Astro.redirect("/dashboard");