Comments (6)
Thanks for the bug report. Seems like I mistakenly assumed an empty string would mean SvelteKit would not set a Path
attribute.
from lucia.
As for my objections on the changes to the cookie API, it only had partially do with Lucia (specifically the part about maintaining consistency between frameworks). The first part about spec etc is mostly just my personal opinion on API design.
from lucia.
Unless the expectation is that people will call a middleware's setCookie with something other than the result of calling createSessionCookie?
Yes, since that's just easier to work with
We (unlike some others) set secure and httpOnly to true by default (similar to createSessionCookie, except that it can be overridden if necessary)
This isn't a big issue since the types are still the same, and Lucia always set the HttpOnly
and Secure
flag (for prod)
from lucia.
Not sure I follow — you're saying that people will call setCookie
directly but also that Lucia will override httpOnly
and secure
? I couldn't see in the code where that happens.
I'm still not sure how to reconcile your "I'd expect it to work exactly like how HTTP cookies would" statement with the decision to forcibly override httpOnly
and secure
, but that's just me :)
from lucia.
I don't think I follow either 😅. setCookie()
just sets a cookie represented by a generic interface Cookie
. It doesn't override attributes or anything. The Cookie
can be anything, not just session cookies, so it should be able to set cookies without the Path
attribute.
from lucia.
In that case the behaviour will differ between frameworks, because SvelteKit defaults secure
and httpOnly
to true
while other frameworks don't
from lucia.
Related Issues (20)
- lucia auth get data from from different table
- [Bug]: custom sessionId does not work with Drizzle adapter HOT 5
- [Feature Request]: Drizzle pg UUID support on types
- [Bug]: incompatible types with generatedAlwaysAsIdentity
- [Bug]: DrizzleSQLiteAdapter type error breaks build HOT 6
- [Bug]: Lucia using Postgres via Drizzle - Date issue
- [Bug]: validateSession return null in Express Mongoose HOT 7
- [Bug]: Drizzle Adapter not accepting Sessions nor User tables HOT 4
- [Bug]: session table @@map in prisma adapter not working in production (Vercel)
- [Docs]: NextJs validation request problem HOT 2
- [Bug]: Official Website StackBlitz demo is not working
- [Bug]: Is it not possible to use Lucia in Next.js middleware? HOT 1
- [Bug]: await is not defined
- [Bug]: this.sql.unsafe is not a function HOT 1
- [Bug]: How can I modify return of `lucia.validateSession(sessionId)` ? HOT 1
- [Help]: How can I do both email and mobile auth?
- Session never validate as fresh - session.fresh: false HOT 2
- [Bug]: DrizzlePostgreSQLAdapter Type '{ username: string; password: string; }' has no properties in common with type '{ id?: string; }'. HOT 2
- [Help]: Multikey auth with v3
- [Bug]: Module parse failed: Unexpected character '�' (1:2) HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lucia.