From 69ce8dad935447c3f03a1121fa4a6354e39017cb Mon Sep 17 00:00:00 2001 From: Sandra Guerreiro Date: Wed, 27 May 2026 17:45:52 +0200 Subject: [PATCH 1/3] set domain to set cookie --- k8s/welearn-api/values.dev.yaml | 1 + k8s/welearn-api/values.prod.yaml | 1 + k8s/welearn-api/values.staging.yaml | 1 + pytest.ini | 1 + src/app/core/config.py | 1 + src/app/user/api/router.py | 3 ++- 6 files changed, 7 insertions(+), 1 deletion(-) diff --git a/k8s/welearn-api/values.dev.yaml b/k8s/welearn-api/values.dev.yaml index 336ad7a..52b5697 100644 --- a/k8s/welearn-api/values.dev.yaml +++ b/k8s/welearn-api/values.dev.yaml @@ -6,6 +6,7 @@ config: PG_HOST: dev-lab-projects-backend.postgres.database.azure.com TIKA_URL_BASE: https://tika.k8s.lp-i.dev/ DATA_COLLECTION_ORIGIN_PREFIX: welearn + SESSION_COOKIE_DOMAIN: .lp-i.dev ENV: development allowedHostsRegexes: mainUrl: |- diff --git a/k8s/welearn-api/values.prod.yaml b/k8s/welearn-api/values.prod.yaml index cefda86..f11e103 100644 --- a/k8s/welearn-api/values.prod.yaml +++ b/k8s/welearn-api/values.prod.yaml @@ -7,6 +7,7 @@ config: TIKA_URL_BASE: https://tika.k8s.lp-i.org/ DATA_COLLECTION_ORIGIN_PREFIX: workshop ENV: production + SESSION_COOKIE_DOMAIN: .learningplanetinstitute.org allowedHostsRegexes: alphaUrls: |- https://[a-zA-Z0-9-]*\.alpha-welearn\.lp-i\.org diff --git a/k8s/welearn-api/values.staging.yaml b/k8s/welearn-api/values.staging.yaml index 8da3d01..4ce8636 100644 --- a/k8s/welearn-api/values.staging.yaml +++ b/k8s/welearn-api/values.staging.yaml @@ -8,6 +8,7 @@ config: PG_DATABASE: welearn_datastack_staging TIKA_URL_BASE: https://tika.k8s.lp-i.dev/ DATA_COLLECTION_ORIGIN_PREFIX: welearn + SESSION_COOKIE_DOMAIN: .lp-i.xyz ENV: staging allowedHostsRegexes: mainUrl: |- diff --git a/pytest.ini b/pytest.ini index 4104147..e283958 100644 --- a/pytest.ini +++ b/pytest.ini 
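Review bot: `SESSION_COOKIE_DOMAIN: .lp-i.dev` in values.dev.yaml scopes the session cookie to every host under `lp-i.dev`, not just the API, and the same holds for `.learningplanetinstitute.org` (values.prod.yaml) and `.lp-i.xyz` (values.staging.yaml). Every other service under that parent domain then receives the cookie on its requests and can set a cookie of the same name for the parent, so the session is only as safe as the weakest host there. Prefer the narrowest parent that the front end and the API actually share, and record the reason beside the key, e.g. `# cookie shared by <frontend-host> and <api-host>; keep this as narrow as possible`.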
@@ -1,6 +1,7 @@ [pytest] env = AZURE_API_BASE=https://azureapi.example.com + SESSION_COOKIE_DOMAIN=test.example.com AZURE_API_KEY=your_azure_api_key AZURE_API_VERSION=2023-05-15 AZURE_APIM_API_BASE=https://apim.azure.example.com diff --git a/src/app/core/config.py b/src/app/core/config.py index 5a80b57..b6dda35 100644 --- a/src/app/core/config.py +++ b/src/app/core/config.py @@ -21,6 +21,7 @@ class Settings(BaseSettings): BACKEND_CORS_ORIGINS_REGEX: str = CLIENT_ORIGINS_REGEX DATA_COLLECTION_ORIGIN_PREFIX: str + SESSION_COOKIE_DOMAIN: str def get_api_version(self) -> dict: return { diff --git a/src/app/user/api/router.py b/src/app/user/api/router.py index 5425c15..b74f033 100644 --- a/src/app/user/api/router.py +++ b/src/app/user/api/router.py @@ -52,7 +52,8 @@ async def handle_user_and_session( value=str(session_uuid), max_age=SESSION_TTL_SECONDS, httponly=True, - samesite="lax", + samesite=None, + domain=settings.SESSION_COOKIE_DOMAIN, secure=settings.ENV == "production", ) From c3306a9bb705eca3575951f07030e5033f487695 Mon Sep 17 00:00:00 2001 From: Sandra Guerreiro Date: Wed, 27 May 2026 18:05:06 +0200 Subject: [PATCH 2/3] filter out collections not active --- src/app/search/api/router.py | 1 + src/app/user/api/router.py | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/src/app/search/api/router.py b/src/app/search/api/router.py index 3615b43..e54e0a0 100644 --- a/src/app/search/api/router.py +++ b/src/app/search/api/router.py @@ -79,6 +79,7 @@ async def get_corpus(): "is_active": is_active, } for source_name, is_active, category_name in collections + if is_active ] diff --git a/src/app/user/api/router.py b/src/app/user/api/router.py index b74f033..f5489bf 100644 --- a/src/app/user/api/router.py +++ b/src/app/user/api/router.py @@ -54,7 +54,6 @@ async def handle_user_and_session( httponly=True, samesite=None, domain=settings.SESSION_COOKIE_DOMAIN, - secure=settings.ENV == "production", ) return {"message": "session created"} 
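Review bot: `SESSION_COOKIE_DOMAIN: str` is added to `Settings` in src/app/core/config.py without a default, so any environment that does not define the variable fails settings validation at startup. Only the three Helm values files and pytest.ini are updated in this patch. An optional field such as `SESSION_COOKIE_DOMAIN: Optional[str] = None` (assuming `Optional` is available in this module) would let an unset value produce a host-only cookie, which is also the tightest scope. The `Settings` class starts outside the hunk, so whether its other fields are required in the same way is not visible here.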
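Review bot: `samesite=None` in `handle_user_and_session` is Python's None rather than the string `"none"`; if `set_cookie` is Starlette's (the call starts outside the hunk), None leaves the SameSite attribute off the cookie, and browsers that default to Lax still treat it as Lax. If cross-site sending is really intended, it needs `samesite="none"`, which browsers accept only together with Secure, and this hunk sets `secure` only when `settings.ENV == "production"`. If the aim is just to share the cookie across subdomains, the new `domain=` argument already does that, because subdomains of one registrable domain count as same-site. In that case keeping `samesite="lax"` would retain the cross-site request protection this hunk removes. The argument is still `samesite=None` after PATCH 3/3.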
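Review bot: With `if is_active` added to the comprehension in `get_corpus`, the `"is_active": is_active` entry two lines above it is now true for every item returned, which the code does not say. If the key is kept for response compatibility, a comment such as `# inactive collections are filtered out below, so is_active is always True here` would stop a later reader from relying on it. The function body starts outside the hunk, so it is not visible whether `collections` could be filtered in the query instead of after fetching.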
From a58c6c2f353d1096f9bef72a03d4ebae6de9010b Mon Sep 17 00:00:00 2001 From: Sandra Guerreiro Date: Thu, 28 May 2026 10:20:05 +0200 Subject: [PATCH 3/3] get cookie from header --- k8s/welearn-api/values.prod.yaml | 2 +- src/app/shared/utils/requests.py | 6 +++++- src/app/user/api/router.py | 3 ++- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/k8s/welearn-api/values.prod.yaml b/k8s/welearn-api/values.prod.yaml index f11e103..52fc247 100644 --- a/k8s/welearn-api/values.prod.yaml +++ b/k8s/welearn-api/values.prod.yaml @@ -7,7 +7,7 @@ config: TIKA_URL_BASE: https://tika.k8s.lp-i.org/ DATA_COLLECTION_ORIGIN_PREFIX: workshop ENV: production - SESSION_COOKIE_DOMAIN: .learningplanetinstitute.org + SESSION_COOKIE_DOMAIN: learningplanetinstitute.org allowedHostsRegexes: alphaUrls: |- https://[a-zA-Z0-9-]*\.alpha-welearn\.lp-i\.org diff --git a/src/app/shared/utils/requests.py b/src/app/shared/utils/requests.py index 998d26d..886c47b 100644 --- a/src/app/shared/utils/requests.py +++ b/src/app/shared/utils/requests.py @@ -12,7 +12,11 @@ def extract_session_cookie(request: Request) -> Optional[UUID]: cookie_value = request.cookies.get(SESSION_COOKIE_NAME) if not cookie_value: - return None + cookie_value = request.headers.get("X-Session-Id", None) + + if not cookie_value: + logger.debug("No session cookie found in request") + return None try: return UUID(cookie_value) diff --git a/src/app/user/api/router.py b/src/app/user/api/router.py index f5489bf..aef4202 100644 --- a/src/app/user/api/router.py +++ b/src/app/user/api/router.py @@ -53,10 +53,11 @@ async def handle_user_and_session( max_age=SESSION_TTL_SECONDS, httponly=True, samesite=None, + secure=True, domain=settings.SESSION_COOKIE_DOMAIN, ) - return {"message": "session created"} + return {"message": "session created", "session_id": session_uuid} @router.post("/user", summary="Create new user", response_model=dict)
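Review bot: Dropping the leading dot in `SESSION_COOKIE_DOMAIN: learningplanetinstitute.org` does not narrow the cookie, because under RFC 6265 browsers ignore a leading dot in the Domain attribute and the cookie still matches every subdomain. values.dev.yaml and values.staging.yaml keep the dotted form from PATCH 1/3, so the three environments now differ in spelling but not in behaviour; pick one form. Separately, browsers discard a Set-Cookie whose Domain does not cover the host that sent the response, and the other prod values visible in this hunk point at `lp-i.org` hosts. It is worth confirming that the API is served under `learningplanetinstitute.org`, otherwise the cookie is never stored.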
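Review bot: Accepting the session id from the `X-Session-Id` header in `extract_session_cookie`, together with `"session_id": session_uuid` now returned in the JSON body in src/app/user/api/router.py, puts the session identifier in the hands of page JavaScript, where the cookie's `httponly=True` no longer shields it from injected script. If the header path exists because the cookie is not reaching the API, fixing the cookie's domain and SameSite settings would avoid exposing the id at all. If it has to stay, mark it as a deliberate second credential rather than a silent fallback, e.g. `# fallback for clients that cannot send the cookie; value is client-supplied and readable by script`, and rename `cookie_value` since it may now hold a header value. The hunk also starts calling `logger.debug`; the logger's definition is not visible here, so check the module has one. The function body starts and ends outside the hunk.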