Skip to content

Commit 9e4a383

Browse files
committed
fix(crawler): verify session persisted after login (SameSite=Strict)
1 parent 1b23874 commit 9e4a383

2 files changed

Lines changed: 36 additions & 0 deletions

File tree

tools/crawler/crawl.js

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -100,6 +100,25 @@ async function login(page, retries = 3) {
100100
{ timeout: 30000 },
101101
);
102102
await page.waitForTimeout(1000);
103+
// The submit navigated away from /login, but that alone does not prove
104+
// the session is usable on a fresh request: a SameSite=Strict / __Host-
105+
// cookie can fail to attach on the next clean navigation (observed as a
106+
// login that "succeeds" then 401s every authed page). Re-navigate to an
107+
// authed route from scratch and require that it does NOT bounce back to
108+
// the login page; if it does, the session did not take — retry.
109+
const probe =
110+
SEED_PAGES.find(
111+
(p) => p && p !== LOGIN_URL && !p.startsWith(`${LOGIN_URL}/`),
112+
) || "/";
113+
await page.goto(`${BASE_URL}${probe}`, {
114+
waitUntil: "domcontentloaded",
115+
timeout: 30000,
116+
});
117+
await page.waitForTimeout(Math.max(WAIT_MS, 1500));
118+
const landed = new URL(page.url()).pathname;
119+
if (landed === LOGIN_URL || landed.startsWith(`${LOGIN_URL}/`)) {
120+
throw new Error(`session did not persist — bounced to ${landed}`);
121+
}
103122
return;
104123
} catch (err) {
105124
console.log(`Login attempt ${i + 1}/${retries} failed: ${err.message}`);

tools/crawler/monkey.js

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -194,6 +194,23 @@ async function login(page) {
194194
},
195195
{ timeout: 30000 },
196196
);
197+
// Confirm the session is usable on a fresh navigation — a
198+
// SameSite=Strict / __Host- cookie can fail to attach after the submit,
199+
// leaving the monkey clicking around an unauthenticated shell. Bounce
200+
// back to /login means the session did not take; retry.
201+
const probe =
202+
SEED_PAGES.find(
203+
(p) => p && p !== LOGIN_URL && !p.startsWith(`${LOGIN_URL}/`),
204+
) || "/";
205+
await page.goto(`${BASE_URL}${probe}`, {
206+
waitUntil: "domcontentloaded",
207+
timeout: 30000,
208+
});
209+
await page.waitForTimeout(1500);
210+
const landed = new URL(page.url()).pathname;
211+
if (landed === LOGIN_URL || landed.startsWith(`${LOGIN_URL}/`)) {
212+
throw new Error(`session did not persist — bounced to ${landed}`);
213+
}
197214
return true;
198215
} catch (err) {
199216
console.log(`Login attempt ${i + 1}/3 failed: ${err.message}`);

0 commit comments

Comments
 (0)