Try out using explicit domain for cookies

loculus-project · Feb 23, 2024 · 7d50556 · 7d50556
1 parent 8ff3d41
commit 7d50556
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/website/src/middleware/authMiddleware.ts b/website/src/middleware/authMiddleware.ts
@@ -256,21 +256,23 @@ export function setCookie(context: APIContext, token: TokenCookie) {
         sameSite: 'lax',
         secure: false,
         path: '/',
+        domain: '.loculus.org',
     });
     context.cookies.set(REFRESH_TOKEN_COOKIE, token.refreshToken, {
         httpOnly: true,
         sameSite: 'lax',
         secure: false,
         path: '/',
+        domain: '.loculus.org',
     });
     logger.debug(`Cookie set. Cookies now: ${JSON.stringify(context.cookies)}`);
 }
 
 function deleteCookie(context: APIContext) {
     logger.debug(`Deleting cookies. Cookies before deletion: ${JSON.stringify(context.cookies)}`);
     try {
-        context.cookies.delete(ACCESS_TOKEN_COOKIE, { path: '/' });
-        context.cookies.delete(REFRESH_TOKEN_COOKIE, { path: '/' });
+        context.cookies.delete(ACCESS_TOKEN_COOKIE, { path: '/', domain: '.loculus.org' });
+        context.cookies.delete(REFRESH_TOKEN_COOKIE, { path: '/', domain: '.loculus.org' });
     } catch {
         logger.info(`Error deleting cookie`);
     }