Submit a merge request that closes this issue to earn points on merge — bounties stack on the standard +40 merge_pr award. New to the repo? See the Contributing guide, and Local Development & SSO to run the app locally (cp .dev.vars.example .dev.vars && pnpm dev, after rebasing on main) and fully test your change before opening the MR.

Description

Context

Every Worker has its own session cookie scoped to its subdomain. Members log in to scoreboard, then log in *again* to portal, *again* to events… Painful and breaks the "one community" feel.

Acceptance criteria

  • [ ] Make sessions shareable across *.irregulars.io so one OIDC login propagates everywhere.
  • [ ] Session cookie domain: .irregulars.io
  • [ ] Cookie name standardized: irc_session (replaces per-app names)
  • [ ] Each Worker reads from the shared KV namespace (or new SHARED_SESSIONS namespace)
  • [ ] Migration path: dual-cookie window of 30 days (old + new), then drop old
  • [ ] Logout from any service logs out of all (calls central DELETE /session)
  • [ ] Documented in packages/shared-utils/README.md as the canonical pattern

Technical hints

  • Cookie domain change requires coordination across all 12 wrangler.toml files
  • KV namespace consolidation may need a one-time data migration
  • Heed CSRF — SameSite=Lax is the right default for the shared domain pattern
  • Auth library lives in packages/shared-utils/src/ — this is THE place to centralize

Related

  • Spec proposal: docs/architecture/shared-session.md (create this as part of the work)

--- *Submit a merge request that says Closes #<this issue iid> in the description. On merge to main, the GitLab webhook will auto-award your bounty + the standard merge_pr (40 pts) to your scoreboard account. Email on commit must match your Authentik email.*

Relevant files

No relevant files linked yet.

Hints

No hints yet.

Activity

No points have been awarded for this bounty yet.

Comments

No comments yet. Be the first to weigh in.

↑ Top