Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor login cookie with cookieOptions function #2003

Merged
merged 1 commit into from
Mar 23, 2025
Merged

Refactor login cookie with cookieOptions function #2003

merged 1 commit into from
Mar 23, 2025
+11 −9

Conversation

ekzyis
Copy link
Member

@ekzyis ekzyis commented Mar 20, 2025
edited
Loading

Description

I think it's better to remove the cookie when we left the login page instead of when we visit /signup.

However, if we navigate away by entering a URL, the useEffect cleanup will not run.

We could fix this with a global useEffect that listens for path changes and sets/unsets the cookie if we're on /login or not.

TODO:

Video

2025-03-20.17-28-24.mp4

Checklist

Are your changes backwards compatible? Please answer below:

yes, especially because #1976 was not deployed yet

On a scale of 1-10 how well and how have you QA'd this change and any features it might affect? Please answer below:

5. Tested that the cookie is removed when I leave /login.

For frontend changes: Tested on mobile, light and dark mode? Please answer below:

n/a

Did you introduce any new environment variables? If so, call them out explicitly here:

no

@ekzyis ekzyis added the auth label Mar 20, 2025
@ekzyis ekzyis marked this pull request as draft March 20, 2025 22:31
@ekzyis ekzyis requested a review from Soxasora March 20, 2025 22:32
Soxasora
Soxasora reviewed Mar 20, 2025
View reviewed changes
Copy link
Member

@Soxasora Soxasora left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't personally think that there's a real problem with having the signin cookie just lying around since we always update its state when actually needed and it will get consumed eventually when the anon decides to login/signup.

Although... I admit it's not that clean and I would want to remove it too on leave. My only fear with going with the global route listener is that we might be adding complexity to a cookie that has a fairly innocent purpose.

tldr
It would be okay, just not sure if it deserves being checked at every route change

About path: /login, we can't put it because now we have /email that uses the cookie to compose the correct message

@ekzyis ekzyis force-pushed the fix-signin-cookie-cleanup branch from 8fd9587 to f11117d Compare March 21, 2025 00:09
@ekzyis ekzyis marked this pull request as ready for review March 21, 2025 00:10
@ekzyis ekzyis requested a review from huumn March 21, 2025 00:10
@ekzyis
Copy link
Member Author

ekzyis commented Mar 22, 2025

My only fear with going with the global route listener is that we might be adding complexity to a cookie that has a fairly innocent purpose.

I agree, I think just returning a cleanup function in useEffect is simple and effective enough

@huumn
Copy link
Member

huumn commented Mar 22, 2025
edited
Loading

I think because this does not work in corner cases, while the other solution does, we should probably stick to the other solution. I agree that this seems better in theory - but because it's unreliable, it isn't.

@ekzyis ekzyis force-pushed the fix-signin-cookie-cleanup branch from f11117d to 0a9e499 Compare March 22, 2025 22:55
@ekzyis ekzyis marked this pull request as draft March 22, 2025 22:55
@ekzyis ekzyis marked this pull request as ready for review March 22, 2025 22:58
@ekzyis
Copy link
Member Author

ekzyis commented Mar 22, 2025
edited
Loading

Oh, you are right, the other solution was more reliable. 0dc9ffd now also expires the cookie on /signup, but I kept the useEffect cleanup function.

@ekzyis ekzyis force-pushed the fix-signin-cookie-cleanup branch from 0a9e499 to 0dc9ffd Compare March 22, 2025 22:59
@huumn
Copy link
Member

huumn commented Mar 22, 2025
edited
Loading

The redirect to /email doesn't cause this cookie to clear? The fact that we'd have to test this might be a sign that this isn't the right thing to do. We're tying cookie state to the component lifecycle rather than "did we visit login or signup last?" ... this feels less predictable.

@ekzyis ekzyis force-pushed the fix-signin-cookie-cleanup branch from 0dc9ffd to d917e74 Compare March 23, 2025 00:14
@ekzyis
Copy link
Member Author

ekzyis commented Mar 23, 2025

As discussed in chat, I removed the cleanup function now.

All this PR does now is to use cookieOptions instead of manual joining of cookie options.

I considered to also set expires and maxAge to undefined so we'd have a session cookie but I don't want to over-engineer this / mess with this any further without a good reason.

@ekzyis ekzyis changed the title Cleanup signin cookie Refactor login cookie with cookieOptions function Mar 23, 2025
@huumn huumn merged commit 9b08988 into master Mar 23, 2025
6 checks passed
@huumn huumn deleted the fix-signin-cookie-cleanup branch March 23, 2025 00:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Soxasora Soxasora Soxasora left review comments

@huumn huumn Awaiting requested review from huumn

Assignees
No one assigned
Labels
auth
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ekzyis @huumn @Soxasora