New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weβll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(nuxt): use max length + iterations for useCookie
timeout
#24253
Conversation
Run & review this pull request in StackBlitz Codeflow. |
useCooke
deleting cookies with long expiration client-sideuseCookie
deleting cookies with long expiration client-side
useCookie
deleting cookies with long expiration client-sideuseCookie
deleting cookies with long expiration client-side
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we could probably wrap this with import.meta.client
.
Hi @huang-julien! How do you mean? Wrap the the whole I enabled code contributions, so feel free to add it wherever you consider it appropriate. |
(I think we probably don't need to wrap it again as we should only use the I think we can simplify this slightly. Maybe just keep track of a single timeElapsed number, and use a constant for setting a timeout? |
Hi @danielroe! Sounds good. However, I took a closer look and I think there's a fundamental flaw in this functionality to set expired cookies to For example, if I set the cookie to expire 5 days from now, when I use the app on day 5 and read the cookie client-side, the timeout is being set to another 5 days, but the cookie only has a few hours left to expire. If I understand correctly, this is also a browser limitation since there is no easy way to get the actual |
Hi @danielroe @huang-julien! I know you must be very busy. What do you think about my last comment about the flaw with expiring the cookie client-side? Maybe you understand the subject better than I do. |
Codecov ReportAll modified and coverable lines are covered by tests β
Additional details and impacted files@@ Coverage Diff @@
## main #24253 +/- ##
=======================================
Coverage ? 58.76%
=======================================
Files ? 5
Lines ? 861
Branches ? 46
=======================================
Hits ? 506
Misses ? 355
Partials ? 0 β View full report in Codecov by Sentry. |
Pushed a refactor. Let me know what you think. You are right about that potential issue; the behaviour is safe in that it shouldn't expire a cookie too early, but the cookie can remain accessible via a Ideas welcome to resolve, but we can also defer that to a subsequent PR. |
Hi @danielroe! I believe this solves the current issue at hand, so it's good for now. Thank you very much! You are right about the other issue, at least it won't expire early. I haven't been able to find a simple solution that doesn't involve storing the expiration date for each cookie. Since it seems to be impossible to know that real expiration value, we either have to create an additional cookie or local storage that stores the expiration for every cookie created with |
useCookie
deleting cookies with long expiration client-sideuseCookie
timeout
π Linked issue
Resolves #24227
β Type of change
π Description
This PR fixes an issue introduced when implementing the functionality to make expired cookies
undefined
on the client-side. Since it usessetTimeout
to apply the delay to expire the cookie, when you pass a long value tomaxAge
orexpires
, it deletes the cookie immediately instead of waiting that time.This happens because of the maximum delay value allowed by browsers on
setTimeout
as stated in MDN and that @positiveprogrammer brought to my attention. The issue started happening on v3.8.1 with PR #23549.In my case, I was setting a cookie that stores if the user consents to using cookies. That cookie choice should last 30 days, which is above the 24.8 day limit of
setTimeout
so if I updated the value client-side, the cookie instantly becameundefined
.My proposed solution to work around this issue (since it's a browser limitation unrelated from Nuxt) is to implement extra logic to divide the task into smaller intervals that add up to the total expected delay. That way we never exceed the timeout limit and still wait the desired amount of time before expiring the cookie.
I'm not sure if this is the best possible solution to the problem, but it seems to work.
π Checklist