CyberCRI · sandragjacinto · May 28, 2026 · May 27, 2026 · May 27, 2026 · May 28, 2026
diff --git a/k8s/welearn-api/values.dev.yaml b/k8s/welearn-api/values.dev.yaml
@@ -6,6 +6,7 @@ config:
     PG_HOST: dev-lab-projects-backend.postgres.database.azure.com
     TIKA_URL_BASE: https://tika.k8s.lp-i.dev/
     DATA_COLLECTION_ORIGIN_PREFIX: welearn
+    SESSION_COOKIE_DOMAIN: .lp-i.dev
     ENV: development
 allowedHostsRegexes:
   mainUrl: |-

diff --git a/k8s/welearn-api/values.prod.yaml b/k8s/welearn-api/values.prod.yaml
@@ -7,6 +7,7 @@ config:
     TIKA_URL_BASE: https://tika.k8s.lp-i.org/
     DATA_COLLECTION_ORIGIN_PREFIX: workshop
     ENV: production
+    SESSION_COOKIE_DOMAIN: learningplanetinstitute.org
 allowedHostsRegexes:
   alphaUrls: |-
     https://[a-zA-Z0-9-]*\.alpha-welearn\.lp-i\.org

diff --git a/k8s/welearn-api/values.staging.yaml b/k8s/welearn-api/values.staging.yaml
@@ -8,6 +8,7 @@ config:
     PG_DATABASE: welearn_datastack_staging
     TIKA_URL_BASE: https://tika.k8s.lp-i.dev/
     DATA_COLLECTION_ORIGIN_PREFIX: welearn
+    SESSION_COOKIE_DOMAIN: .lp-i.xyz
     ENV: staging
 allowedHostsRegexes:
   mainUrl: |-

diff --git a/pytest.ini b/pytest.ini
@@ -1,6 +1,7 @@
 [pytest]
 env =
     AZURE_API_BASE=https://azureapi.example.com
+    SESSION_COOKIE_DOMAIN=test.example.com
     AZURE_API_KEY=your_azure_api_key
     AZURE_API_VERSION=2023-05-15
     AZURE_APIM_API_BASE=https://apim.azure.example.com

diff --git a/src/app/core/config.py b/src/app/core/config.py
@@ -21,6 +21,7 @@ class Settings(BaseSettings):
 
     BACKEND_CORS_ORIGINS_REGEX: str = CLIENT_ORIGINS_REGEX
     DATA_COLLECTION_ORIGIN_PREFIX: str
+    SESSION_COOKIE_DOMAIN: str
 
     def get_api_version(self) -> dict:
         return {

diff --git a/src/app/search/api/router.py b/src/app/search/api/router.py
@@ -79,6 +79,7 @@ async def get_corpus():
             "is_active": is_active,
         }
         for source_name, is_active, category_name in collections
+        if is_active
     ]
 
 

diff --git a/src/app/shared/utils/requests.py b/src/app/shared/utils/requests.py
@@ -12,7 +12,11 @@
 def extract_session_cookie(request: Request) -> Optional[UUID]:
     cookie_value = request.cookies.get(SESSION_COOKIE_NAME)
     if not cookie_value:
-        return None
+        cookie_value = request.headers.get("X-Session-Id", None)
+
+        if not cookie_value:
+            logger.debug("No session cookie found in request")
+            return None
 
     try:
         return UUID(cookie_value)

diff --git a/src/app/user/api/router.py b/src/app/user/api/router.py
@@ -52,11 +52,12 @@ async def handle_user_and_session(
         value=str(session_uuid),
         max_age=SESSION_TTL_SECONDS,
         httponly=True,
-        samesite="lax",
-        secure=settings.ENV == "production",
+        samesite=None,
+        secure=True,
+        domain=settings.SESSION_COOKIE_DOMAIN,
     )
 
-    return {"message": "session created"}
+    return {"message": "session created", "session_id": session_uuid}
 
 
 @router.post("/user", summary="Create new user", response_model=dict)
-Original file line number
+Diff line change
@@ Expand Up / @@ -79,6 +79,7 @@ async def get_corpus(): @@
                 "is_active": is_active,
             }
             for source_name, is_active, category_name in collections
+            if is_active
         ]
@@ Expand Down @@