Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(ssr): base64-encode cookie value #701

Closed
wants to merge 2 commits into from
Closed

feat(ssr): base64-encode cookie value #701

wants to merge 2 commits into from

Conversation

jebibot
Copy link

@jebibot jebibot commented Dec 8, 2023
edited
Loading

What kind of change does this PR introduce?

Feature

What is the current behavior?

The session cookie value is a plain JSON string, which gets URL-encoded by most server implementations. This causes a mismatch in the length calculation in the chunker; sometimes, cookie values exceed the max length.

What is the new behavior?

This PR base64-encodes the cookie value before passing to the chunker.

The rationale for using base64:

  • it is used in the JWT encoding
  • URL encoding encodes {, }, ", [, ] to 3 characters tripling in length, whereas base64 encoding increases x4/3 in bytes, so the overall length would be similar

Additional context

Closes #680. Fixes #643 and fixes #696.

jebibot
jebibot commented Dec 8, 2023
View reviewed changes
packages/ssr/src/createBrowserClient.ts
},
setItem: async (key: string, value: string) => {
const chunks = await createChunks(key, value);
const chunks = await createChunks(key, encodeBase64Url(value));
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It'd also be possible to encode only the session, but checking for the name here seems error-prone.

@jebibot jebibot mentioned this pull request Dec 8, 2023
Closed
@dalkommatt
Copy link

I'd love to test this on my own project but was having trouble patching the @supabase/ssr package with this. Is there a way it can be done?

@j4w8n
Copy link

j4w8n commented Dec 20, 2023

If this is considered, it likely needs to use jose for cross-platform support. This has been an issue in the past.

See #515

@dvvolynkin
Copy link

Will it work with unicode symbols in JSON?

It can be user name for example

@SyntheticGoop SyntheticGoop mentioned this pull request Jan 25, 2024
Merged
@kangmingtay
Copy link
Member

@dalkommatt i typically do pnpm build in the root of the auth-helpers repo and then npx install-from /path/to/auth-helpers/packages/ssr in the project that i want to test the changes in

@jebibot we've decided to go with #726 to fix the cookie chunking issues so i'll be closing this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Could not login after adding two auth providers which use same emails Cookie is too large
5 participants
@jebibot @dalkommatt @j4w8n @dvvolynkin @kangmingtay