Skip to content

♻️ encode cookie options in cookie value #3905

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Oct 15, 2025
Merged

♻️ encode cookie options in cookie value #3905

merged 7 commits into from
Oct 15, 2025

Conversation

@thomas-lebeau
Copy link
Collaborator

@thomas-lebeau thomas-lebeau commented Oct 7, 2025
edited
Loading

Motivation

Some initialization options (usePartitionedCrossSiteSessionCookie and trackSessionAccrossSubdomain) affects the scope of the cookie, If theses options are not in sync between each instance of the SDK (i.e. LOGS and RUM), then multiple cookies with the same name can be created can can crash one of the SDKs.

Changes

  • Encode and include the relevant init configuration option in the cookie value
  • If multiple cookies with the same name are found, find the one matching the current init config
  • In this encoded config, include a cookie version to ease future migration if necessary

Note

To reduce the risk as much as possible, I did the change only for the session cookie and kept the cookie utils used by other cookies untouched.

Test instructions

Checklist

  • Tested locally
  • Tested on staging
  • Added unit tests for this change.
  • Added e2e/integration tests for this change.

@cit-pr-commenter
Copy link

cit-pr-commenter bot commented Oct 7, 2025
edited
Loading

Bundles Sizes Evolution

📦 Bundle Name Base Size Local Size 𝚫 𝚫% Status
Rum 162.08 KiB 162.82 KiB +754 B +0.45%
Rum Recorder 19.78 KiB 19.78 KiB 0 B 0.00%
Rum Profiler 4.89 KiB 4.89 KiB 0 B 0.00%
Logs 55.77 KiB 56.50 KiB +747 B +1.31%
Flagging 944 B 944 B 0 B 0.00%
Rum Slim 119.06 KiB 119.78 KiB +735 B +0.60%
Worker 23.60 KiB 23.60 KiB 0 B 0.00%
🚀 CPU Performance
Action Name Base CPU Time (ms) Local CPU Time (ms) 𝚫%
RUM - add global context 0.0045 0.004 -11.11%
RUM - add action 0.014 0.0122 -12.86%
RUM - add error 0.0122 0.012 -1.64%
RUM - add timing 0.003 0.003 0.00%
RUM - start view 0.0037 0.0033 -10.81%
RUM - start/stop session replay recording 0.001 0.0007 -30.00%
Logs - log message 0.0176 0.0126 -28.41%
🧠 Memory Performance
Action Name Base Memory Consumption Local Memory Consumption 𝚫
RUM - add global context 25.46 KiB 25.83 KiB +383 B
RUM - add action 45.97 KiB 46.51 KiB +556 B
RUM - add timing 24.34 KiB 24.58 KiB +245 B
RUM - add error 51.44 KiB 49.60 KiB -1.84 KiB
RUM - start/stop session replay recording 24.89 KiB 24.14 KiB -772 B
RUM - start view 422.83 KiB 429.79 KiB +6.96 KiB
Logs - log message 43.14 KiB 44.32 KiB +1.18 KiB

🔗 RealWorld

@datadog-official
Copy link

datadog-official bot commented Oct 7, 2025
edited by datadog-datadog-prod-us1 bot
Loading

✅ Tests

🎉 All green!

❄️ No new flaky tests detected
🧪 All tests passed

🎯 Code Coverage
Patch Coverage: 82.61%
Total Coverage: 92.63% (-0.04%)

View detailed report

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 793177f | Docs | Was this helpful? Give us feedback!

@thomas-lebeau thomas-lebeau force-pushed the thomas.lebeau/cookie-option-encode branch 3 times, most recently from 99af81f to 65d47fa Compare October 8, 2025 10:04
@thomas-lebeau thomas-lebeau force-pushed the thomas.lebeau/cookie-option-encode branch 3 times, most recently from e5ae822 to 7be32d5 Compare October 8, 2025 12:45
@thomas-lebeau thomas-lebeau force-pushed the thomas.lebeau/cookie-option-encode branch from 7be32d5 to eb9497a Compare October 8, 2025 12:59
@thomas-lebeau thomas-lebeau marked this pull request as ready for review October 8, 2025 13:45
@thomas-lebeau thomas-lebeau requested a review from a team as a code owner October 8, 2025 13:45
@thomas-lebeau thomas-lebeau force-pushed the thomas.lebeau/cookie-option-encode branch from 7ad5a8a to 80a391e Compare October 9, 2025 12:23
mormubis
mormubis reviewed Oct 10, 2025
View reviewed changes
BenoitZugmeyer
BenoitZugmeyer reviewed Oct 10, 2025
View reviewed changes
packages/core/src/domain/session/storeStrategies/sessionInCookie.ts Outdated
let byte = 0
byte |= SESSION_COOKIE_VERSION << 6 // Store version in upper 2 bits
byte |= domainCount << 2 // Store domain count in next 4 bits
byte |= configuration.usePartitionedCrossSiteSessionCookie ? 1 : 0 << 1 // Store useCrossSiteScripting in next bit
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit:

Suggested change
byte |= configuration.usePartitionedCrossSiteSessionCookie ? 1 : 0 << 1 // Store useCrossSiteScripting in next bit
byte |= configuration.usePartitionedCrossSiteSessionCookie ? 1 : 0 // Store useCrossSiteScripting in next bit

Suggestion: FMU we are using 7 bits on the 8 available bits. We might want to give the version one more bit, so we can have up to 7 versions?

packages/core/src/browser/cookie.ts Outdated
Comment on lines 40 to 42
export function getCookies(name: string): string[] | undefined {
return findAllCommaSeparatedValues(document.cookie).get(name)
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: to simplify a bit, always return an array (similar to cookieStore.getAll())

Suggested change
export function getCookies(name: string): string[] | undefined {
return findAllCommaSeparatedValues(document.cookie).get(name)
}
export function getCookies(name: string): string[] {
return findAllCommaSeparatedValues(document.cookie).get(name) || []
}

packages/core/src/domain/session/sessionManager.ts Outdated
Comment on lines 182 to 203
if (sessionStoreStrategyType.type === SessionPersistence.COOKIE) {
const rawSession = retrieveSessionCookie(configuration, sessionStoreStrategyType.cookieOptions)
// monitor-until: forever, could be handy to troubleshoot issues until session manager rework
addTelemetryDebug('Unexpected session state', {
sessionStoreStrategyType: sessionStoreStrategyType.type,
session: rawSession,
isSyntheticsTest: isSyntheticsTest(),
createdTimestamp: rawSession?.created,
expireTimestamp: rawSession?.expire,
cookie: await getSessionCookies(),
currentDomain: `${window.location.protocol}//${window.location.hostname}`,
})
} else if (sessionStoreStrategyType.type === SessionPersistence.LOCAL_STORAGE) {
const rawSession = retrieveSessionFromLocalStorage()
// monitor-until: forever, could be handy to troubleshoot issues until session manager rework
addTelemetryDebug('Unexpected session state', {
sessionStoreStrategyType: sessionStoreStrategyType.type,
session: rawSession,
isSyntheticsTest: isSyntheticsTest(),
createdTimestamp: rawSession?.created,
expireTimestamp: rawSession?.expire,
})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion: factorize a bit

let rawSession
let cookieContext
if (sessionStoreStrategyType.type === SessionPersistence.COOKIE) {
  rawSession = retrieveSessionCookie(configuration, sessionStoreStrategyType.cookieOptions)
  cookieContext = {
    cookie: await getSessionCookies(),
    currentDomain: `${window.location.protocol}//${window.location.hostname}`,
  }
} else {
  rawSession = retrieveSessionFromLocalStorage()
}


  // monitor-until: forever, could be handy to troubleshoot issues until session manager rework
  addTelemetryDebug('Unexpected session state', {
    sessionStoreStrategyType: sessionStoreStrategyType.type,
    session: rawSession,
    isSyntheticsTest: isSyntheticsTest(),
    createdTimestamp: rawSession?.created,
    expireTimestamp: rawSession?.expire,
    ...cookieContext
  })

test/e2e/scenario/sessionStore.scenario.ts
Comment on lines +122 to +127
await page.waitForTimeout(1000)

if (!encodeCookieOptions) {
// ensure the test is failing when the Feature Flag is disabled
test.fail()
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thought: after we remove the feature flag, it could be nice to remove the waitForTimeout and use something like expect.poll

@thomas-lebeau
Copy link
Collaborator Author

/to-staging

@dd-devflow-routing-codex
Copy link

dd-devflow-routing-codex bot commented Oct 13, 2025
edited
Loading

View all feedbacks in Devflow UI.

2025-10-13 12:33:03 UTC ℹ️ Start processing command /to-staging

2025-10-13 12:33:10 UTC ℹ️ Branch Integration: starting soon, merge expected in approximately 11m (p90)

Commit 232186dbf0 will soon be integrated into staging-42.

2025-10-13 12:44:01 UTC ℹ️ Branch Integration: this commit was successfully integrated

Commit 232186dbf0 has been merged into staging-42 in merge commit a873893577.

Check out the triggered pipeline on Gitlab 🦊

If you need to revert this integration, you can use the following command: /code revert-integration -b staging-42

dd-mergequeue bot added a commit that referenced this pull request Oct 13, 2025
@dd-mergequeue @thomas-lebeau
Integrate thomas.lebeau/cookie-option-encode (#3905) into staging-42
a873893 
Integrated commit sha: 232186d

Co-authored-by: thomas-lebeau <[email protected]>
BenoitZugmeyer
BenoitZugmeyer approved these changes Oct 15, 2025
View reviewed changes
packages/core/src/domain/configuration/configuration.ts Outdated
beforeSend:
initConfiguration.beforeSend && catchUserErrors(initConfiguration.beforeSend, 'beforeSend threw an error:'),
sessionStoreStrategyType: isWorkerEnvironment ? undefined : selectSessionStoreStrategyType(initConfiguration),
usePartitionedCrossSiteSessionCookie: initConfiguration.usePartitionedCrossSiteSessionCookie ?? false,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💬 suggestion: use cookieOption.partitioned or crossSite instead of exposing this property to the config‏

@thomas-lebeau thomas-lebeau merged commit ec8a26a into main Oct 15, 2025
20 checks passed
@thomas-lebeau thomas-lebeau deleted the thomas.lebeau/cookie-option-encode branch October 15, 2025 15:35
mormubis added a commit that referenced this pull request Oct 16, 2025
@mormubis
Merge branch 'adlrb/logs-node--fix-staging--fix-staging' (88c2845) in…
1a9eccc 
…to staging-42

 pm_trace_id: 79460157
 feature_branch_pipeline_id: 79460157
 source: to-staging

* commit '88c2845f4bd4fe0446a079270832f539160a9163':
  🐛 pr-feedback: add 100% telemetry sample rate
  🐛 add check for messages
  🐛 replace isworker by due to multiple events
  🐛 replace check
  🐛 pr-feedback: replace node check
  fix: throw the error
  fix: super weird linter fix
  fix: linter warnings
  fix: compatibility test
  fix: block logs in node
  ⚗️ encode cookie options in cookie value (#3905)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BenoitZugmeyer BenoitZugmeyer BenoitZugmeyer approved these changes

@mormubis mormubis mormubis approved these changes

Assignees

No one assigned

Labels

staging-42

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@thomas-lebeau @BenoitZugmeyer @mormubis