fly.io sets the wrong domain cookie

Hello

We have an app, dev.foodbank.org.uk, and the app sets the cookie domain to dev.foodbank.org.uk, but in the browser we see an additional dot (https://take.ms/zRQPa), with the domain like this: .dev.foodbank.org.uk. This is a problem for us because we cannot transfer our production to your hosting.

Why does fly.io add a dot, and how do we remove it?


I don’t think we’re touching the cookies, it should just be exactly what your app sends through. What language/framework does your app use?

You can see both kinds of cookies on our own app. The .fly.io is a wildcard that will work for subdomains and is set by one of our backend Rails apps by default, I think:

We’re using Rails. The issue is that the cookie domain is loaded from an env var, and because they do not match we’re getting odd behaviour (infinite redirects) when trying to switch DNS to fly.

The environment values for the domain are set to the same value in AWS ECS (old env) and in fly, but in fly for some reason the domain has a leading period when we inspect the cookie.

I’m 99% sure we’re not the cause of this. Is it possible the .dev.foodbank.org.uk cookie is coming from a different app?

The cURL output is showing domain=dev.foodbank.org.uk; in the cookie header:

➜  ~ curl -D - -o /dev/null -sS https://dev.foodbank.org.uk
HTTP/2 200
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-store
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
content-type: text/html; charset=utf-8
vary: Accept
etag: W/"d499a7a41626dab4876cd07983ac56e6"
set-cookie: _foodbankweb_session_fly3_pretraining=<session>; domain=dev.foodbank.org.uk; path=/; expires=Wed, 08 Dec 2021 16:35:06 GMT; secure; HttpOnly
...

Thanks, OK, we’ll investigate this further.

We could not find the cause of the cookies being different - on fly the domain value still had a leading period even though the env vars were set to be the same value (without a period).

To prevent the login redirect loop when we migrated the DNS, we changed the cookie name on fly, which caused everyone to log in again but at least did not cause an infinite loop.
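For reference, an added example that is not from any of the posts above: a simplified model of how a browser following RFC 6265 handles the `domain` attribute of a `set-cookie` header like the one in the curl output. The function names and the `shownAs` field are hypothetical; `shownAs` assumes a cookie inspector that lists domain cookies with a leading dot and host-only cookies without one, and the header values are constructed.

```javascript
// Added example: RFC 6265 sections 5.1.3, 5.2.3, 5.3 and 5.4, simplified.
// Header values below are constructed, modelled on the curl output in the thread.
const HOST = "dev.foodbank.org.uk";
const WITH_DOMAIN = "_example_session=<session>; domain=dev.foodbank.org.uk; path=/; secure; HttpOnly";
const WITH_DOT = "_example_session=<session>; domain=.dev.foodbank.org.uk; path=/; secure; HttpOnly";
const NO_DOMAIN = "_example_session=<session>; path=/; secure; HttpOnly";

// 5.2.3: the last non-empty Domain attribute wins; one leading dot is dropped.
function parseDomainAttribute(setCookie) {
  let domain = null;
  for (const part of setCookie.split(";").slice(1)) {
    const eq = part.indexOf("=");
    if (eq === -1 || part.slice(0, eq).trim().toLowerCase() !== "domain") continue;
    let value = part.slice(eq + 1).trim().toLowerCase();
    if (value === "") continue;
    if (value.startsWith(".")) value = value.slice(1);
    domain = value;
  }
  return domain;
}

// 5.1.3: identical, or host ends with "." + domain (IP-literal hosts not handled here).
function domainMatch(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// 5.3: no Domain attribute gives a host-only cookie; otherwise a domain cookie.
// shownAs is an assumption: it models an inspector that lists domain cookies with a leading dot.
// The public-suffix check a real browser performs is omitted.
function storeCookie(requestHost, setCookie) {
  const host = requestHost.toLowerCase();
  const attr = parseDomainAttribute(setCookie);
  if (attr === null) return { hostOnly: true, domain: host, shownAs: host };
  if (!domainMatch(host, attr)) return null; // a server may not set cookies for unrelated domains
  return { hostOnly: false, domain: attr, shownAs: "." + attr };
}

// 5.4: host-only cookies go back to the exact host, domain cookies to subdomains too.
function shouldSend(cookie, requestHost) {
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

for (const header of [WITH_DOMAIN, WITH_DOT, NO_DOMAIN]) {
  const c = storeCookie(HOST, header);
  console.log(c.shownAs, "hostOnly=" + c.hostOnly, "sent to sub.dev:", shouldSend(c, "sub." + HOST));
}
```

In this model the dotted and undotted `domain=` values produce the same stored cookie, and only a header with no `domain` attribute yields a host-only cookie.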