openpanel icon indicating copy to clipboard operation
openpanel copied to clipboard
verified publisher icon Openpanel-dev

Login cookies rejected on .com.tr domains, missing multi-part TLD supportRetry

Open mert-donmez opened this issue 1 month ago • 1 comments

Request: Login cookies are rejected on .com.tr domains authentication cannot complete when self-hosted

Summary

When deploying OpenPanel on a .com.tr domain (for example: abc.com.tr) using Coolify, the login API succeeds and returns a success response, but the browser rejects the authentication cookie because the generated cookie domain is invalid.

As a result:

  • Login request succeeds
  • UI displays "Successfully signed in"
  • Browser blocks the Set-Cookie header
  • User session is not created
  • User cannot proceed to the dashboard

Environment

  • Deployment method: Coolify (Docker Compose auto-managed)
  • Reverse proxy: Traefik (Coolify-managed)
  • Domain example: abc.com.tr
  • HTTPS: Let's Encrypt

Root Cause

The parseCookieDomain() function does not recognize .com.tr as a multi-part TLD, so it incorrectly sets the cookie domain to com.tr, which browsers reject.

Request

Could you please add support for .tr, .nl, and .ch domain structures in the MULTI_PART_TLDS list?

Thanks!

mert-donmez avatar Nov 24 '25 16:11 mert-donmez

Ill add these issues and hopefully release new self-hosting images next week!

lindesvard avatar Nov 26 '25 08:11 lindesvard