Skip to content

fix(core): set secure value whenever we prefix cookie#2526

Merged
chanceaclark merged 1 commit intocanaryfrom
fix/secure-anon-session
Aug 18, 2025
Merged

fix(core): set secure value whenever we prefix cookie#2526
chanceaclark merged 1 commit intocanaryfrom
fix/secure-anon-session

Conversation

@chanceaclark
Copy link
Copy Markdown
Contributor

@chanceaclark chanceaclark commented Aug 18, 2025
edited
Loading

What/Why?

The anonymous session cookie had secure always set to true regardless if we were prefixing it or not. This change updates the cookie to set secure to the same "value" if we prefix the cookie with __Secure-.

Testing

secure: false:

Screenshot 2025-08-18 at 15 20 34

secure: true:

Screenshot 2025-08-18 at 15 55 33

Migration

Just rebase like normal or manually update the code.

@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented Aug 18, 2025

🦋 Changeset detected

Latest commit: 5d3cb0c

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@bigcommerce/catalyst-core Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@vercel
Copy link
Copy Markdown

vercel Bot commented Aug 18, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
catalyst-b2b Ready Ready Preview Comment Aug 18, 2025 9:28pm
catalyst-canary Ready Ready Preview Comment Aug 18, 2025 9:28pm
3 Skipped Deployments
Project Deployment Preview Comments Updated (UTC)
catalyst Ignored Ignored Aug 18, 2025 9:28pm
catalyst-au Ignored Ignored Aug 18, 2025 9:28pm
catalyst-uk Ignored Ignored Aug 18, 2025 9:28pm

@chanceaclark chanceaclark marked this pull request as ready for review August 18, 2025 21:56
@chanceaclark chanceaclark requested a review from a team August 18, 2025 21:56
@chanceaclark chanceaclark added this pull request to the merge queue Aug 18, 2025
Merged via the queue into canary with commit 2089a58 Aug 18, 2025
14 checks passed
@chanceaclark chanceaclark deleted the fix/secure-anon-session branch August 18, 2025 22:25
This was referenced Aug 18, 2025
Merged
Open
@github-actions github-actions Bot mentioned this pull request Aug 28, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@matthewvolk matthewvolk matthewvolk approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@chanceaclark @matthewvolk