Use BuildCookie function when setting cookie in Istio router

renatovassaomb · renatovassaomb · commit a27a19a0e242 · 2025-09-11T13:08:07.000-03:00
Signed-off-by: Renato Vassão &lt;renato.vassao@mindbodyonline.com&gt;
diff --git a/pkg/router/istio.go b/pkg/router/istio.go
@@ -532,9 +532,7 @@ func (ir *IstioRouter) SetRoutes(
 						}
 					}
 					routeDest.Headers.Response.Add = map[string]string{
-						setCookieHeader: fmt.Sprintf("%s; %s=%d", canary.Status.SessionAffinityCookie, maxAgeAttr,
-							canary.Spec.Analysis.SessionAffinity.GetMaxAge(),
-						),
+						setCookieHeader: canary.Spec.Analysis.SessionAffinity.BuildCookie(canary.Status.SessionAffinityCookie),
 					}
 				}
 				weightedRoute.Route[i] = routeDest
diff --git a/pkg/router/istio_test.go b/pkg/router/istio_test.go
@@ -190,8 +190,14 @@ func TestIstioRouter_SetRoutes(t *testing.T) {
 		cookieKey := "flagger-cookie"
 		// enable session affinity and start canary run
 		canary.Spec.Analysis.SessionAffinity = &v1beta1.SessionAffinity{
-			CookieName: cookieKey,
-			MaxAge:     300,
+			CookieName:  cookieKey,
+			Domain:      "flagger.app",
+			HttpOnly:    true,
+			MaxAge:      300,
+			Partitioned: true,
+			Path:        "/app",
+			SameSite:    "Strict",
+			Secure:      true,
 		}
 		err := router.SetRoutes(canary, 0, 10, false)
 
@@ -231,7 +237,13 @@ func TestIstioRouter_SetRoutes(t *testing.T) {
 				val, ok := routeDest.Headers.Response.Add[setCookieHeader]
 				assert.True(t, ok)
 				assert.True(t, strings.HasPrefix(val, cookieKey))
+				assert.True(t, strings.Contains(val, "Domain=flagger.app"))
+				assert.True(t, strings.Contains(val, "HttpOnly"))
 				assert.True(t, strings.Contains(val, "Max-Age=300"))
+				assert.True(t, strings.Contains(val, "Partitioned"))
+				assert.True(t, strings.Contains(val, "Path=/app"))
+				assert.True(t, strings.Contains(val, "SameSite=Strict"))
+				assert.True(t, strings.Contains(val, "Secure"))
 			}
 		}
 		assert.True(t, strings.HasPrefix(canary.Status.SessionAffinityCookie, cookieKey))
@@ -286,7 +298,13 @@ func TestIstioRouter_SetRoutes(t *testing.T) {
 				val, ok := routeDest.Headers.Response.Add[setCookieHeader]
 				assert.True(t, ok)
 				assert.True(t, strings.HasPrefix(val, cookieKey))
+				assert.True(t, strings.Contains(val, "Domain=flagger.app"))
+				assert.True(t, strings.Contains(val, "HttpOnly"))
 				assert.True(t, strings.Contains(val, "Max-Age=300"))
+				assert.True(t, strings.Contains(val, "Partitioned"))
+				assert.True(t, strings.Contains(val, "Path=/app"))
+				assert.True(t, strings.Contains(val, "SameSite=Strict"))
+				assert.True(t, strings.Contains(val, "Secure"))
 			}
 		}
 		assert.True(t, strings.HasPrefix(canary.Status.SessionAffinityCookie, cookieKey))

Original file line number	Diff line number	Diff line change
`@@ -532,9 +532,7 @@ func (ir *IstioRouter) SetRoutes(`
`532`	`532`	`}`
`533`	`533`	`}`
`534`	`534`	`routeDest.Headers.Response.Add = map[string]string{`
`535`		`- setCookieHeader: fmt.Sprintf("%s; %s=%d", canary.Status.SessionAffinityCookie, maxAgeAttr,`
`536`		`- canary.Spec.Analysis.SessionAffinity.GetMaxAge(),`
`537`		`- ),`
	`535`	`+ setCookieHeader: canary.Spec.Analysis.SessionAffinity.BuildCookie(canary.Status.SessionAffinityCookie),`
`538`	`536`	`}`
`539`	`537`	`}`
`540`	`538`	`weightedRoute.Route[i] = routeDest`