(core) set cookie response header more consistently

Summary: The express-session middleware, in its regular configuration, will only set a cookie response header at the beginninng of a session or when the session contents have changed. It won't set the header if only the expiration time is changed. This diff uses a dummy `alive` field to nudge the middleware into setting the header consistently. Test Plan: tested manually Reviewers: dsagal Reviewed By: dsagal Subscribers: alexmojaki Differential Revision: https://phab.getgrist.com/D3153
2026-03-02 04:09:24 +00:00 · 2021-11-24 09:50:44 -05:00
parent 0b437d1544
commit 3055a11fb2
3 changed files with 19 additions and 10 deletions
--- a/app/server/lib/BrowserSession.ts
+++ b/app/server/lib/BrowserSession.ts
@@ -45,8 +45,13 @@ export interface SessionObj {
  // This is optional since the session may already exist.
  orgToUser?: {[org: string]: number};

-  // This gets set to encourage express-session to set a cookie.
-  alive?: boolean;
+  // This gets set to encourage express-session to set a cookie. Was a boolean in the past.
+  alive?: number;
+}
+
+// Make an artificial change to a session to encourage express-session to set a cookie.
+export function forceSessionChange(session: SessionObj) {
+  session.alive = Number(session.alive || 0) + 1;
 }

 // We expose a sign-in status in a cookie accessible to all subdomains, to assist in auto-signin.