[snack-sdk][website] Move to cookie-based auth#685
Merged
byronkarlen merged 2 commits intoMay 20, 2026
Conversation
Contributor
Author
This stack of pull requests is managed by Graphite. Learn more about stacking. |
This was referenced May 8, 2026
byronkarlen
changed the title
byronkarlen
force-pushed
the
byron/_snack-sdk_website_snackager_migrate_api_server_hostname
branch
from
d6e1968 to
add7f33
Compare
byronkarlen
force-pushed
the
byron/_snack-sdk_website_move_to_cookie-based_auth
branch
2 times, most recently
from
74a8bd9 to
f6cb001
Compare
byronkarlen
force-pushed
the
byron/_snack-sdk_website_snackager_migrate_api_server_hostname
branch
from
a4eba5b to
87fd82b
Compare
byronkarlen
force-pushed
the
byron/_snack-sdk_website_move_to_cookie-based_auth
branch
from
f6cb001 to
94be0a5
Compare
byronkarlen
force-pushed
the
byron/_snack-sdk_website_snackager_migrate_api_server_hostname
branch
from
87fd82b to
0d0006d
Compare
byronkarlen
force-pushed
the
byron/_snack-sdk_website_move_to_cookie-based_auth
branch
from
94be0a5 to
fed083a
Compare
byronkarlen
force-pushed
the
byron/_snack-sdk_website_snackager_migrate_api_server_hostname
branch
from
0d0006d to
dd8021d
Compare
byronkarlen
force-pushed
the
byron/_snack-sdk_website_move_to_cookie-based_auth
branch
2 times, most recently
from
7985a81 to
ea4bde3
Compare
byronkarlen
force-pushed
the
byron/_snack-sdk_website_snackager_migrate_api_server_hostname
branch
from
dd8021d to
716cdc7
Compare
byronkarlen
force-pushed
the
byron/_snack-sdk_website_move_to_cookie-based_auth
branch
2 times, most recently
from
1e0ddfd to
9695d45
Compare
ide
requested changes
May 11, 2026
Comment on lines
+38
to
+39
| const isCloseUser = this.useCookieAuth | ||
| ? prevState.online && (!state.online || state.url !== prevState.url) |
Member
There was a problem hiding this comment.
I'm not sure this is right - would state.online be set in the anonymous scenario? Looking at the this.close() call below, we don't send the user anyway when using cookies.
I think the current code works but it ends up being harder to read because of the history of how we ended up here.
Logically it's like we want:
if (useCookieAuth) {
// cookie-specific logic here...
this.close(...)
} else {
// old logic here...
this.close(...)
}
Contributor
Author
There was a problem hiding this comment.
Yes state.online could be set in the anonymous scenario. Agreed confusing. I just changed it to be clearer. The logic is the same though.
byronkarlen
force-pushed
the
byron/_snack-sdk_website_move_to_cookie-based_auth
branch
from
9695d45 to
9b3d500
Compare
ide
approved these changes
May 12, 2026
byronkarlen
force-pushed
the
byron/_snack-sdk_website_snackager_migrate_api_server_hostname
branch
from
716cdc7 to
065b7a7
Compare
byronkarlen
force-pushed
the
byron/_snack-sdk_website_move_to_cookie-based_auth
branch
2 times, most recently
from
8a144da to
6d5e6b9
Compare
byronkarlen
force-pushed
the
byron/_snack-sdk_website_snackager_migrate_api_server_hostname
branch
from
065b7a7 to
9a2aa15
Compare
byronkarlen
force-pushed
the
byron/_snack-sdk_website_move_to_cookie-based_auth
branch
from
6d5e6b9 to
73ac58a
Compare
byronkarlen
changed the base branch from
byron/_snack-sdk_website_snackager_migrate_api_server_hostname
to
graphite-base/685
byronkarlen
force-pushed
the
byron/_snack-sdk_website_move_to_cookie-based_auth
branch
from
73ac58a to
3ab9305
Compare
byronkarlen
force-pushed
the
graphite-base/685
branch
from
9a2aa15 to
6d33ea8
Compare
byronkarlen
force-pushed
the
byron/_snack-sdk_website_move_to_cookie-based_auth
branch
from
3ab9305 to
9c00c29
Compare
byronkarlen
deleted the
byron/_snack-sdk_website_move_to_cookie-based_auth
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
Remove client-side reads of the session cookie. Rely on
credentials: 'include'instead.How
snack-sdk
website
To make these changes, I had claude audit all of website's requests (either direct or through snack-sdk) to the API server. Then, I had it determine which of these endpoints needed potentially authenticated contexts and added support for
credentials: 'include'.Test Plan
Tested out auth flow locally against local instance of website and staging api. Not super familiar with snack so I'm not confident my QA was comprehensive.