Spaces:
Running
Running
sunheycho
commited on
Commit
·
ab5ee8c
1
Parent(s):
58fc638
Fix cookie setting by serving index directly
Browse files- Serve index.html directly instead of redirect to prevent cookie loss
- Set auth cookies via both HTTP headers and JavaScript
- Add debug logging for cookie verification
- Inject session heartbeat script directly into HTML
- Avoid redirect loops in HF Spaces iframe environment
api.py
CHANGED
|
@@ -1521,42 +1521,64 @@ def login():
|
|
| 1521 |
return redirect(next_page)
|
| 1522 |
print("Redirecting to index.html")
|
| 1523 |
|
| 1524 |
-
#
|
| 1525 |
-
print("
|
| 1526 |
|
| 1527 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1528 |
|
| 1529 |
-
|
| 1530 |
-
|
| 1531 |
-
|
| 1532 |
-
|
| 1533 |
-
|
| 1534 |
-
|
| 1535 |
-
|
| 1536 |
-
|
| 1537 |
-
|
| 1538 |
-
|
| 1539 |
-
|
| 1540 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1541 |
|
| 1542 |
-
#
|
| 1543 |
response.set_cookie(
|
| 1544 |
'auth_user_id',
|
| 1545 |
str(user.id),
|
| 1546 |
httponly=False,
|
| 1547 |
secure=False,
|
| 1548 |
-
samesite=None,
|
| 1549 |
-
path='/'
|
| 1550 |
-
domain=None
|
| 1551 |
)
|
| 1552 |
response.set_cookie(
|
| 1553 |
'auth_username',
|
| 1554 |
username,
|
| 1555 |
httponly=False,
|
| 1556 |
secure=False,
|
| 1557 |
-
samesite=None,
|
| 1558 |
-
path='/'
|
| 1559 |
-
domain=None
|
| 1560 |
)
|
| 1561 |
|
| 1562 |
response.headers['Cache-Control'] = 'no-cache, no-store, must-revalidate'
|
|
|
|
| 1521 |
return redirect(next_page)
|
| 1522 |
print("Redirecting to index.html")
|
| 1523 |
|
| 1524 |
+
# Serve index.html directly with cookies to avoid redirect issues
|
| 1525 |
+
print("Serving index.html directly with auth cookies")
|
| 1526 |
|
| 1527 |
+
# Read index.html file
|
| 1528 |
+
index_path = os.path.join(app.static_folder, 'index.html')
|
| 1529 |
+
try:
|
| 1530 |
+
with open(index_path, 'r', encoding='utf-8') as f:
|
| 1531 |
+
html = f.read()
|
| 1532 |
+
except Exception as e:
|
| 1533 |
+
print(f"[DEBUG] Failed to read index.html: {e}")
|
| 1534 |
+
return "Error loading page", 500
|
| 1535 |
+
|
| 1536 |
+
# Add session debug script
|
| 1537 |
+
debug_script = f"""
|
| 1538 |
+
<script>
|
| 1539 |
+
// Debug session and cookies
|
| 1540 |
+
console.log('Session debug - user_id: {user.id}, username: {username}');
|
| 1541 |
+
document.cookie = 'auth_user_id={user.id}; path=/; SameSite=None';
|
| 1542 |
+
document.cookie = 'auth_username={username}; path=/; SameSite=None';
|
| 1543 |
+
console.log('Cookies set via JS:', document.cookie);
|
| 1544 |
|
| 1545 |
+
// Session heartbeat
|
| 1546 |
+
setInterval(function() {{
|
| 1547 |
+
fetch('/api/heartbeat', {{
|
| 1548 |
+
method: 'POST',
|
| 1549 |
+
credentials: 'include'
|
| 1550 |
+
}}).catch(function(error) {{
|
| 1551 |
+
console.log('Heartbeat failed:', error);
|
| 1552 |
+
}});
|
| 1553 |
+
}}, 30000);
|
| 1554 |
+
</script>
|
| 1555 |
+
"""
|
| 1556 |
+
|
| 1557 |
+
# Insert script before </body>
|
| 1558 |
+
if '</body>' in html:
|
| 1559 |
+
html = html.replace('</body>', debug_script + '\n</body>')
|
| 1560 |
+
else:
|
| 1561 |
+
html += debug_script
|
| 1562 |
+
|
| 1563 |
+
response = make_response(html)
|
| 1564 |
+
response.headers['Content-Type'] = 'text/html; charset=utf-8'
|
| 1565 |
|
| 1566 |
+
# Set cookies in response headers as well
|
| 1567 |
response.set_cookie(
|
| 1568 |
'auth_user_id',
|
| 1569 |
str(user.id),
|
| 1570 |
httponly=False,
|
| 1571 |
secure=False,
|
| 1572 |
+
samesite='None',
|
| 1573 |
+
path='/'
|
|
|
|
| 1574 |
)
|
| 1575 |
response.set_cookie(
|
| 1576 |
'auth_username',
|
| 1577 |
username,
|
| 1578 |
httponly=False,
|
| 1579 |
secure=False,
|
| 1580 |
+
samesite='None',
|
| 1581 |
+
path='/'
|
|
|
|
| 1582 |
)
|
| 1583 |
|
| 1584 |
response.headers['Cache-Control'] = 'no-cache, no-store, must-revalidate'
|