Comments (3)
the domain iron-session attaches to the cookie
I don't think our code tries to do anything smart with the domain option of the cookie. We use the browser defaults here.
So probably by default, it will try to use the request domain?
I am unsure to understand the exact issue, perhaps you can dig it more and show a few examples of when is the domain an issue? (I don't know Azure much)
from iron-session.
Say I have a website with the url example-a.com sitting behind a front door instance with url example-b.com. The user navigates to example-b.com to access the site, but because the site is actually running on example-a.com, iron-session sets example-a.com as the domain when it creates the cookie and so the browser blocks that because it's trying to add that cookie to example-b.com.
While it's not the way I'm using it, front door can also be used as a load balancer, which would run into similar issues and I imagine similar issues would happen with non azure load balancers. Not sure there is anything that can be done on your side, so feel free to close this if that's the case.
from iron-session.
For anyone else running into this problem, I did get a recommendation from azure support on how to tackle this issue. Basically it involves forcing all of the environments to use the same url. Their solution can be seen below.
My suggestion to correct the issue is to configure a custom domain in Front Door and create the same custom domain in the static web app. Then configure the Origin so that the host header parameter is empty, that way the host header passed to the Static Web App will be the same as your custom domain, the expectation is that cookies are created for that domain and won't cause any mismatch issues.
from iron-session.
Related Issues (20)
- Package causing multiple response problem HOT 1
- v8 beta release, last tasks and discussions HOT 6
- session object empty on Apollo Server API Route
- Can i use iron-session with pages routes ? HOT 1
- Implementing iron-session with TRPC HOT 9
- Static maxAge
- v8 - Attaching session to request HOT 1
- Make properties in T for IronSession<T> optional (union with undefined)
- v6 and Next 13 pages middleware HOT 7
- Migration away from `withIronSessionApiRoute` HOT 3
- await session.save() fails to set cookie if cookies.set() is used after HOT 2
- session returned from `getIronSessionFromCookieStore` does not implement full interface HOT 1
- outdated dependency @types/cookie causes type mismatch HOT 1
- why getIronSession not work in middleware like in example (App router + client components, route handlers, and SWR) HOT 3
- Support the `partitioned` attribute in cookie settings HOT 1
- Discrepancy in documentation of password rotation. HOT 5
- Next.js middleware token rotation issue HOT 3
- Unable to create a session cookie HOT 3
- How to access stored sessions of my users?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from iron-session.