Skip to content

[Bug?]: Cannot delete cookies during single flight request #1863

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
2 tasks done
zhengkyl opened this issue Mar 21, 2025 · 0 comments · May be fixed by #1864
Open
2 tasks done

[Bug?]: Cannot delete cookies during single flight request #1863

zhengkyl opened this issue Mar 21, 2025 · 0 comments · May be fixed by #1864
Labels
bug Something isn't working needs triage

Comments

@zhengkyl
Copy link

zhengkyl commented Mar 21, 2025
edited
Loading

Duplicates

  • I have searched the existing issues

Latest version

  • I have tested the latest version

Current behavior 😯

Right now, cookies set during a single flight request are available on the redirected route, but it doesn't account for setting cookies to an empty string or the max age or expires fields.

Expected behavior 🤔

You should be able to set a cookie to the empty string, as well as fully remove a cookie by setting an appropriate max-age or expires.

Steps to reproduce 🕹

Reproduction
https://codesandbox.io/p/devbox/wonderful-sunset-dq8cjl

The cookies and redirects are weird in codesandbox so here is a separate repo

Repo
https://github.com/zhengkyl/delete-cookie

Steps:

  1. Click sign in.
  2. Click sign out.
  3. It will redirect to home page and then back immediately.

Context 🔦

I'm trying to redirect users based on their logged in status. The homepage should redirect logged in users to the protected page, and the protected page should directed unauthenticated users to the homepage.

The logout action calls setCookie(), but since cookies are not deleted, it breaks the logout logic. This is due to the current implementation of createSingleFlightHeaders

solid-start/packages/start/src/runtime/server-handler.ts

Lines 309 to 335 in 28e3fc5

function createSingleFlightHeaders(sourceEvent: FetchEvent) {
// cookie handling logic is pretty simplistic so this might be imperfect
// unclear if h3 internals are available on all platforms but we need a way to
// update request headers on the underlying H3 event.
const headers = new Headers(sourceEvent.request.headers);
const cookies = parseCookies(sourceEvent.nativeEvent);
const SetCookies = sourceEvent.response.headers.getSetCookie();
headers.delete("cookie");
let useH3Internals = false;
if (sourceEvent.nativeEvent.node?.req) {
useH3Internals = true;
sourceEvent.nativeEvent.node.req.headers.cookie = "";
}
SetCookies.forEach(cookie => {
if (!cookie) return;
const keyValue = cookie.split(";")[0]!;
const [key, value] = keyValue.split("=");
key && value && (cookies[key] = value);
});
Object.entries(cookies).forEach(([key, value]) => {
headers.append("cookie", `${key}=${value}`);
useH3Internals && (sourceEvent.nativeEvent.node.req.headers.cookie += `${key}=${value};`);
});
return headers;
}

Your environment 🌎

"@solidjs/router": "^0.15.1",
"@solidjs/start": "^1.1.3",
"solid-js": "^1.9.3",
"vinxi": "^0.5.3"
@zhengkyl zhengkyl added bug Something isn't working needs triage labels Mar 21, 2025
@zhengkyl zhengkyl linked a pull request Mar 21, 2025 that will close this issue
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working needs triage
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: handle deleted cookies in single flight request zhengkyl/solid-start
1 participant
@zhengkyl