Skip to content

Refactor cookie domain logic to only apply in production#730

Open
jeebeez wants to merge 1 commit intomainfrom
claude/slack-session-tWUrk
Open

Refactor cookie domain logic to only apply in production#730
jeebeez wants to merge 1 commit intomainfrom
claude/slack-session-tWUrk

Conversation

@jeebeez
Copy link
Copy Markdown
Collaborator

@jeebeez jeebeez commented May 1, 2026

What does this PR do?

This PR refactors the cookie domain configuration logic across multiple applications (academy, erp, mes, starter) to:

  1. Only set cookie domains in production environments (when VERCEL_ENV === "production")
  2. Consistently use the getCookieDomain() utility function instead of manual domain validation
  3. Remove the previous localhost check pattern (!DOMAIN.startsWith("localhost"))

The changes ensure that cookie domain settings are only applied in production, preventing potential cookie issues in development and staging environments.

Mandatory Tasks (DO NOT REMOVE)

  • I have self-reviewed the code (A decent size PR without self-review might be rejected).
  • I confirm automated tests are in place that prove my fix is effective or that my feature works.

How should this be tested?

  • Verify that in production environments (VERCEL_ENV === "production"), cookies are set with the appropriate domain
  • Verify that in non-production environments (development, staging), cookies are set without a domain restriction
  • Confirm that the getCookieDomain() utility properly validates and returns the domain or null

No manual testing required beyond verifying the environment variable behavior is correct.

Checklist

  • I have self-reviewed the code
  • My code follows the style guidelines of this project
  • I have commented my code where necessary
  • My changes generate no new warnings

https://claude.ai/code/session_016YP8oTpJahKNjZQbWfrpP2

@claude
fix: only set cookie domain in production for mode/theme
0ae0fa2 
The mode and theme cookie domain was being set unconditionally using
the DOMAIN env var. When accessing dev instances via localhost, this
caused the cookies to not be saved because the domain didn't match.

This fix aligns with the session cookie behavior in session.server.ts
which already checks VERCEL_ENV === "production" before setting domain.

Slack thread: https://carbon-ms.slack.com/archives/C0B0LQQEB0B/p1777530058258979

https://claude.ai/code/session_016YP8oTpJahKNjZQbWfrpP2
@vercel
Copy link
Copy Markdown

vercel Bot commented May 1, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
academy Ready Ready Preview, Comment May 1, 2026 11:36am
carbon Ready Ready Preview, Comment May 1, 2026 11:36am
mes Ready Ready Preview, Comment May 1, 2026 11:36am

Request Review

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jeebeez @claude