mirror of
https://github.com/stack-auth/stack.git
synced 2026-06-13 21:01:21 +08:00
e2fbe2ca09
Cross-subdomain refresh cookies were not being deleted correctly because the domain option was not passed to deleteCookie/deleteCookieClient. This caused stale cookies to accumulate and auth state to persist across subdomains after sign-out. Also eagerly warms the trusted parent domain cache on app construction to avoid a race condition where navigation after sign-in could prevent the cross-subdomain cookie from being written. <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Automatically recreates a missing cross-subdomain refresh cookie on app startup in browser sessions when applicable. * **Bug Fixes** * Cookie deletions now correctly scope removals to the encoded parent domain when applicable for both browser and server token-store flows. * **Performance** * Pre-warms a domain-resolution cache in browser token-store scenarios to reduce authentication latency. * **Tests** * Added end-to-end tests validating custom refresh-cookie name encoding/decoding, non-custom cookie handling, and eager cookie recreation. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|---|---|---|
| .. | ||
| access-token-refresh.test.ts | ||
| api-keys.test.ts | ||
| app.test.ts | ||
| auth-like.test.ts | ||
| config.test.ts | ||
| connected-accounts.test.ts | ||
| convex.test.ts | ||
| cookies.test.ts | ||
| cross-domain-auth.test.ts | ||
| data-vault.test.ts | ||
| email-template-existing-project.test.ts | ||
| email.test.ts | ||
| inheritance.test.ts | ||
| js-helpers.ts | ||
| list-users.test.ts | ||
| oauth-providers.test.ts | ||
| oauth.test.ts | ||
| payments.test.ts | ||
| restricted-users.test.ts | ||
| team-invitations.test.ts | ||