Finish separating cookies on prod vs test servers #3747
Assignees
Labels
Comments
I imagine that instead of having test and prod URLs in the cityparams.conf file, I can instead just stored the subdomain there ("sidewalk-chicago", for example). The URLs are always built the same way, and we can use that to set the subdomain for test server cookies as well. |
|
Darn! I tried a test case of this on the DC server since we were fixing something over there anyway. Explicitly set the session cookie domain: But it still made use of the more generic |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Brief description of problem/feature
@yhtill and I made a lot of progress on this last week. To have authentication cookies shared, I set up the cookies with a .cs.washington.edu domain, but that had cookies shared between prod and test servers. Our fix for this was to have .cs.washington.edu cookies only created on prod servers, and test servers would use the old way with the full domain (sidewalk-chicago-test.cs.washington.edu, for example).
This fixed an issue I was having where logging in on a test server would cause a problem if you didn't have an account with the same credentials on the prod servers. And that's the most important thing to have fixed: no issues with prod now!
BUT we are still having the reverse issue on test. Both .cs.washington.edu and sidewalk-chicago-test.cs.washington.edu work on test, so if you visit a prod site and then go to a test site, you'll end up with two cookies, leading to some weird behavior on the test sites.
System info (OS, browser, city, and local/prod/test)
All test servers only
Potential solution(s)
I'm hoping that instead of setting to the default, I can just explicitly tell the test servers to use cookies for the specific domain only. Need to do a little testing to be sure!
The text was updated successfully, but these errors were encountered: