quantfortune/SIP_GoldBees_Backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix cross-subdomain cookie: add COOKIE_DOMAIN support

Browse Source 
Session cookie was scoped to api.quantfortune.com only.
Setting COOKIE_DOMAIN=.quantfortune.com in .env makes the
cookie shared across all subdomains so app.quantfortune.com
can authenticate against api.quantfortune.com.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Thigazhezhilan J 2026-05-20 23:23:30 +05:30
parent 2e0ba0060d
commit c85fae2d07
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
backend/app/routers/auth.py
View File

@ -19,6 +19,7 @@ APP_ENV = (os.getenv("APP_ENV") or os.getenv("ENVIRONMENT") or os.getenv("FASTAP
IS_PRODUCTION = APP_ENV in {"prod", "production"} IS_PRODUCTION = APP_ENV in {"prod", "production"}
COOKIE_SECURE = True if IS_PRODUCTION else os.getenv("COOKIE_SECURE", "0") == "1" COOKIE_SECURE = True if IS_PRODUCTION else os.getenv("COOKIE_SECURE", "0") == "1"
COOKIE_SAMESITE = (os.getenv("COOKIE_SAMESITE") or "lax").lower() COOKIE_SAMESITE = (os.getenv("COOKIE_SAMESITE") or "lax").lower()
COOKIE_DOMAIN = (os.getenv("COOKIE_DOMAIN") or "").strip() or None
if IS_PRODUCTION and not COOKIE_SECURE: if IS_PRODUCTION and not COOKIE_SECURE:
raise RuntimeError("Secure session cookies are mandatory in production") raise RuntimeError("Secure session cookies are mandatory in production")
@ -33,6 +34,7 @@ def _set_session_cookie(response: Response, session_id: str):
max_age=SESSION_TTL_SECONDS, max_age=SESSION_TTL_SECONDS,
secure=COOKIE_SECURE, secure=COOKIE_SECURE,
path="/", path="/",
domain=COOKIE_DOMAIN,
) )