Token Cookies duplicated after upgrading to 6.5.1 from 5.3.17 #13781

Closed
3 tasks done
AboulEinein opened this issue Sep 4, 2024 · 5 comments
Labels
Next.js question General question SSR Issues related to Server Side Rendering

Comments

@AboulEinein

Before opening, please confirm:

JavaScript Framework

Next.js

Amplify APIs

Authentication

Amplify Version

v6

Amplify Categories

auth

Backend

Other

Describe the bug

After upgrading to version 6.5.1, we encountered 403 errors related to our token management system, which relies on cookies. Upon investigation, we discovered that prior to the upgrade, the cookies' domain was set with a leading dot (e.g., .example.com). However, post-upgrade, the domain is now set without the leading dot (e.g., example.com). This change has caused duplicate cookies for users who were already logged in, resulting in the cookie size exceeding the limit permitted by CloudFront, ultimately leading to the 403 errors.

Expected behavior

Cookies to be handled correctly without any duplications.

Reproduction steps

  1. Run a project with v5 with cookies set as token storage
  2. Sign in
  3. Run the project with v6 with cookies set as token storage
  4. Open the website and inspect the cookies


@github-actions github-actions bot added pending-triage Issue is pending triage pending-maintainer-response Issue is pending a response from the Amplify team. labels Sep 4, 2024
@israx
Member

israx commented Sep 4, 2024

Hello @AboulEinein. Sorry for any inconvenience using the library. Can you configure the cookies as follows?

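import { Amplify } from 'aws-amplify';
import { CookieStorage } from 'aws-amplify/utils';
import { cognitoUserPoolsTokenProvider } from 'aws-amplify/auth/cognito';

// amplifyOutputs: the Amplify configuration object your app already imports
Amplify.configure(amplifyOutputs, { ssr: true });
// Store the token cookies under an explicit domain (leading dot, as in v5)
const cookieStorage = new CookieStorage({ domain: '.example' });
cognitoUserPoolsTokenProvider.setKeyValueStorage(cookieStorage);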

@AboulEinein
Author

@israx I can do that, but it will cause the same issue to new users that logged in after the upgrade to v6

@HuiSF
Member

HuiSF commented Sep 4, 2024

Hi @AboulEinein, what @israx suggested is correct. You need to create an instance for overriding the cookie storage.

There is another limitation, however: since you are using Next.js, if you are using the prebuilt @aws-amplify/adapter-nextjs, when Amplify refreshes tokens from your server and sends refresh tokens back to the client as cookies, you will not be able to set the domain attribute at this moment. A workaround is to use the generic runWithAmplifyServerContext exported from aws-amplify/adapter-core, with which you can implement your own logic for setting cookies from your server, and then you have complete control of the cookie attributes. (For details, see this documentation: https://docs.amplify.aws/gen1/react/build-a-backend/server-side-rendering/)
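
To confirm the duplication described in this issue from the server side, the sketch below audits a raw Cookie header for token cookies that arrive more than once and builds the Set-Cookie values that expire the copies stored under the older domain. It is an added example, not code from the issue or from Amplify; the function names, the sample client id and user, and `Path=/` are assumptions.

```javascript
// Added example: find token cookies that arrive twice in one Cookie header
// (one copy per domain scope) and build the Set-Cookie lines that expire
// the copies scoped to the legacy domain.

// Key prefix of Amplify's Cognito token cookies.
const TOKEN_PREFIX = 'CognitoIdentityServiceProvider.';

// Parse a raw Cookie header into [name, value] pairs, keeping duplicates.
function parseCookieHeader(header) {
  return header
    .split(';')
    .map((part) => part.trim())
    .filter(Boolean)
    .map((part) => {
      const eq = part.indexOf('=');
      return eq === -1 ? [part, ''] : [part.slice(0, eq), part.slice(eq + 1)];
    });
}

// Report token cookies sent more than once, plus the header size in bytes.
function auditTokenCookies(header) {
  const counts = new Map();
  for (const [name] of parseCookieHeader(header)) {
    if (name.startsWith(TOKEN_PREFIX)) counts.set(name, (counts.get(name) || 0) + 1);
  }
  const duplicated = [...counts].filter(([, n]) => n > 1).map(([name]) => name);
  return { duplicated, headerBytes: Buffer.byteLength(header, 'utf8') };
}

// Set-Cookie values that delete the copies stored under `legacyDomain`.
// Path=/ is an assumption; a deletion only matches the same Domain and Path.
function expireLegacyCopies(duplicated, legacyDomain) {
  return duplicated.map(
    (name) => `${name}=; Domain=${legacyDomain}; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT`
  );
}

// Constructed sample: client id "abc123" and user "u1" are made up.
const sampleHeader = [
  'CognitoIdentityServiceProvider.abc123.u1.idToken=old',
  'CognitoIdentityServiceProvider.abc123.u1.idToken=new',
  'CognitoIdentityServiceProvider.abc123.LastAuthUser=u1',
  'theme=dark',
].join('; ');

const report = auditTokenCookies(sampleHeader);
console.log(report, expireLegacyCopies(report.duplicated, '.example.com'));
```

Comparing `headerBytes` against the request-header limit of the CDN in front of the app shows how close logged-in users are to the 403 condition before and after the legacy copies are expired.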

@HuiSF HuiSF added question General question SSR Issues related to Server Side Rendering Next.js labels Sep 4, 2024
@github-actions github-actions bot removed the pending-triage Issue is pending triage label Sep 4, 2024
@jimblanc jimblanc removed the pending-maintainer-response Issue is pending a response from the Amplify team. label Sep 4, 2024
@cwomack cwomack self-assigned this Sep 4, 2024
@cwomack
Member

cwomack commented Sep 10, 2024

@AboulEinein, just wanted to follow up on this and see if there are any further questions on this issue that we can help address. Let us know!

@cwomack cwomack added pending-community-response Issue is pending a response from the author or community. and removed pending-response labels Sep 10, 2024
@cwomack
Member

cwomack commented Sep 17, 2024

Closing this issue as we have not heard back from you. Please review this comment above and let us know if there is any further feedback or questions. We'd be happy to reopen this issue if needed.

Thank you!

@cwomack cwomack closed this as not planned Won't fix, can't repro, duplicate, stale Sep 17, 2024
@github-actions github-actions bot removed the pending-community-response Issue is pending a response from the author or community. label Sep 17, 2024
5 participants