Merge pull request #8127 from Matt-Yorkley/session-uri-parsing

Strip subdomains from session cookie host

.github/workflows/build.yml

@@ -10,6 +10,7 @@ env:
   TIMEZONE: UTC
   COVERAGE: true
   RSPEC_RETRY_RETRY_COUNT: 3
+  RAILS_ENV: test
 
 jobs:
   test-controllers-and-serializers:

config/application.rb

@@ -39,7 +39,7 @@ module Openfoodnetwork
       SessionCookieUpgrader, {
         old_key: "_session_id",
         new_key: "_ofn_session_id",
-        domain: "." + ENV["SITE_URL"].delete_prefix("www.")
+        domain: ".#{ENV['SITE_URL'].gsub(/^(www\.)|^(app\.)|^(staging\.)|^(stg\.)/, '')}"
       }
     ) if Rails.env.staging? || Rails.env.production?
 

config/initializers/session_store.rb

@@ -3,9 +3,15 @@
 # Use the database for sessions instead of the cookie-based default,
 # which shouldn't be used to store highly confidential information
 # (create the session table with "rails generate session_migration")
+
+domain = if Rails.env.staging? || Rails.env.production?
+           ".#{ENV['SITE_URL'].gsub(/^(www\.)|^(app\.)|^(staging\.)|^(stg\.)/, '')}"
+         else
+           :all
+         end
+
 Openfoodnetwork::Application.config.session_store(
   :active_record_store,
   key: "_ofn_session_id",
-  domain: :all,
-  tld_length: 2
+  domain: domain
 )