Is there any way to set cookie domain per request rather than per server launch?

Open Kumagor0 opened this issue 6 years ago • 6 comments

Right now I have the following code in my index.js:

const Koa = require('koa');
const session = require('koa-session');

const app = new Koa();

app.use(
  session(
    {
      key: SSID,
      maxAge: SESSION_TTL,
      rolling: true,
      httpOnly: true,
      store: SessionStore,
      domain: DOMAIN,
    },
    app
  )
);

The problem is, it sets the domain once and for all and then passes that value to ctx.cookie.set() every time. What I need is a customizable cookie domain based on request values like hostname or query etc. I can elaborate on the use case I need that for, if that's of any relevance. I don't see how I can do that currently, but I found a solution which basically creates a new koa-session middleware on every request:

app.use(async (ctx, next) => {
  const { cookieDomain } = ctx.query;

  await session(
    {
      key: SSID,
      maxAge: SESSION_TTL,
      rolling: true,
      httpOnly: true,
      store: SessionStore,
      domain: cookieDomain || DOMAIN,
    },
    app
  )(ctx, next);
});

This would work, but unfortunately 2 out of 3 properties defined here have configurable set to false implicitly, so on the second request I get a "TypeError: Cannot redefine property: sessionOptions" error.

So, I have 3 questions:

  1. Is there any way to achieve what I need with koa-session right now that I've missed?

  2. If the previous answer is "no", is there any real reason sessionOptions and [CONTEXT_SESSION] are non-configurable?

  3. If the previous answer is "no", can it be changed to configurable? What needs to be done for that (do I need to submit a PR or something)?

Kumagor0 avatar Nov 13 '19 22:11 Kumagor0
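
Added example, not part of the original post and not koa-session code: the second snippet above takes the cookie domain from ctx.query, so a per-request value needs to be checked against a fixed allowlist and against the request's own host before it reaches the cookie options. The allowlist entries, the default domain and all function names here are assumptions made for illustration.

```javascript
// Added example: pick the session cookie Domain per request from an allowlist.
// The domains below are constructed sample values; all names are hypothetical.
const ALLOWED_COOKIE_DOMAINS = ['example.com', 'example.org'];
const DEFAULT_COOKIE_DOMAIN = 'example.com';

// Lower-case, strip port / leading dot / trailing dot; null unless a plain DNS name.
function normalizeHost(value) {
  if (typeof value !== 'string') return null; // repeated query keys arrive as arrays
  const host = value.trim().toLowerCase()
    .replace(/:\d+$/, '').replace(/^\./, '').replace(/\.$/, '');
  if (host.length === 0 || host.length > 253) return null;
  const label = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;
  return host.split('.').every((l) => label.test(l)) ? host : null;
}

// True when `host` equals `domain` or is a subdomain of it on a label boundary,
// so "evilexample.com" is not treated as being under "example.com".
function covers(domain, host) {
  return host === domain || host.endsWith('.' + domain);
}

// Longest allowlisted domain that covers `hostname`, or null when none does.
function matchAllowedDomain(hostname, allowed) {
  const host = normalizeHost(hostname);
  if (host === null) return null;
  const hits = allowed.map(normalizeHost)
    .filter((d) => d !== null && covers(d, host))
    .sort((a, b) => b.length - a.length);
  return hits.length > 0 ? hits[0] : null;
}

// Decide the cookie Domain for one request. `requested` stands for a
// client-supplied hint (the cookieDomain query value in the post); it is used
// only if it is itself allowlisted AND covers the host that was requested.
function resolveCookieDomain(hostname, requested,
  allowed = ALLOWED_COOKIE_DOMAINS, fallback = DEFAULT_COOKIE_DOMAIN) {
  const byHost = matchAllowedDomain(hostname, allowed);
  if (byHost === null) return fallback; // unknown host: static default only
  const host = normalizeHost(hostname);
  const hint = normalizeHost(requested);
  const hintOk = hint !== null &&
    allowed.map(normalizeHost).includes(hint) && covers(hint, host);
  return hintOk ? hint : byHost;
}
```

The returned string is what would be passed as the domain option; how it is handed to the session middleware per request is the open question of this issue and is not shown.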

@Kumagor0 I'm facing the same issue. Did you have any luck with resolving this?

Natouriano avatar Dec 01 '19 18:12 Natouriano

@Natouriano no, not yet. Fortunately that's not a pressing matter for me, but if it was, I'd just fork this repo, make the changes I proposed in the original post, publish it under a new name and use that package instead of koa-session.

Kumagor0 avatar Dec 17 '19 15:12 Kumagor0

This seems to do the job https://github.com/Secbone/koa-session2

olso avatar Dec 25 '19 22:12 olso

@olso Does it? Because looking at the docs,

app.use(session({
    key: "SESSIONID",   //default "koa:sess"
}));

looks like setting all options once and for all.

Kumagor0 avatar Dec 27 '19 13:12 Kumagor0

What prevents you from wrapping it and forwarding ctx, next? This is per request @Kumagor0

My issue with koa-session is that you have to pass the Koa instance into it.

olso avatar Dec 27 '19 17:12 olso

Created a draft PR to support modifying the cookie domain on a per-request basis - https://github.com/koajs/session/pull/227

rahulgi avatar Apr 23 '24 21:04 rahulgi