Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cookieOption field "name" is not correctly working #717

Open
1 of 2 tasks
cp-20 opened this issue Jan 5, 2024 · 8 comments
Open
1 of 2 tasks

cookieOption field "name" is not correctly working #717

cp-20 opened this issue Jan 5, 2024 · 8 comments
Labels
bug Something isn't working

Comments

@cp-20
Copy link

cp-20 commented Jan 5, 2024

Bug report

  • I confirm this is a bug with Supabase, not with my own application.
  • I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

I used createPagesBrowserClient for my application and set cookieOption to the below but stored cookie didn't change its name.

{
	name: 'some-cookie-name',
	secure: true,
	sameSite: "Lax",
	domain: "",
	path: "/",
}

I suspect that f7e5c2d makes this bug. Base cookie name passed to createClient of @supabase/supabase-js comes from option.auth.storageKey before this commit, but storageKey field is removed and nothing other is changed after it. Please consider reverting it or take another solution.

@cp-20 cp-20 added the bug Something isn't working label Jan 5, 2024
@fnimick
Copy link

fnimick commented Jan 7, 2024

This is blocking a migration from @supabase/auth-helpers-sveltekit (where the name option works) to ssr (where the name option no longer works). I can confirm that the name option has no effect on the cookie used for auth data.

@kangmingtay
Copy link
Member

@cp-20 @fnimick we fixed this in the supabase/ssr package in #730 - i'll take a look at the other packages to see if the same bug is present there too

@binury
Copy link

binury commented Feb 24, 2024

@cp-20 @fnimick we fixed this in the supabase/ssr package in #730 - i'll take a look at the other packages to see if the same bug is present there too

I could be mistaken but #730 change applies to the serverClient but not browserClients which will still use sb-${new URL(this.authUrl).hostname.split('.')[0]}-auth-token. Without the change you made to the defaults on serverClient, it's still only going to be making "anon" requests and looking for different session.

Apparently this did exist at one point #677 but was reverted for unclear reason(s).

@jorgebaralt
Copy link

Any reason it got reverted? I really need this

@binury
Copy link

binury commented Feb 28, 2024

Any reason it got reverted? I really need this

as a workaround, you need to manually set the storageKey and the cookie.name to the same value. or, don't use the beta ssr auth-helper

@jorgebaralt
Copy link

Any reason it got reverted? I really need this

as a workaround, you need to manually set the storageKey and the cookie.name to the same value. or, don't use the beta ssr auth-helper

Thanks for the help.

what do you mean beta? afaik is the recommended way now? https://supabase.com/docs/guides/auth/server-side/migrating-to-ssr-from-auth-helpers

Also, about setting the storageKey, you mean patch the library myself? I do not see any storageKey param available

@kangmingtay
Copy link
Member

hey @binury, thanks for catching that - i've made a fix for it in #746

@pseacrest
Copy link

pseacrest commented Apr 5, 2024

I can confirm that the issue lies within Supabase and not within my own application. I have thoroughly searched through the documentation, GitHub Discussions, and Discord for any relevant information.

Description of the Bug:

In my application, I utilized createPagesBrowserClient and set the cookieOption as shown below. However, despite this configuration, the stored cookie did not change its name:

{
    name: 'some-cookie-name',
    secure: true,
    sameSite: "Lax",
    domain: "",
    path: "/",
}

I suspect that the bug may be related to commit hash f7e5c2d. Prior to this commit, the base cookie name passed to createClient of @supabase/supabase-js was derived from option.auth.storageKey. However, after this commit, the storageKey field was removed and no other changes were made. I suggest considering a revert of this commit or exploring alternative solutions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

6 participants