Firebase strips all request cookies

Cloud, Firebase, Technical 1 Minute

A painfully wasteful discovery today was that, when you are using Firebase Functions to serve your code, it strips all cookies from the request object.  The only hack around this is to use a specially named cookie, “__session” and fit any data you need into that.

For example, in the browser

document.cookie = “__session=some_value”;

and on the server

import {parse} from “cookie-parse”;

exports.myFunction = functions.https.onRequest((req, res) => {
const cookie = req.headers.cookie;
const sessionValue = parse(cookie)[“__session”];
console.log(“Should be some_value”, sessionValue);
});

Published by Shane O'Sullivan

I am a software engineer and manager from Ireland. I spent 7 years working in Ireland from 2003 – 2010, then ten years in Silicon Valley from 2010 to 2020. In California I spent about 6.5 years at Facebook Engineering, the last three of which I was an engineering manager in the Ads organisation focusing on customer facing products for creating and managing ads. At Stripe I built the Developer Productivity organisation, with teams that were responsible for the use of the Ruby language, testing infrastructure, documentation, developer tooling (e.g. IDE integrations) and more. At Promise, I was Head of Engineering from 2018 – 2020, responsible for building the first few iterations of our products, hiring for all product roles, meeting with clients and investors, and anything else needed to get a tiny startup bootstrapped and successful. Now I’m back in Ireland, working on my next company. Coming soon (as of early 2023!). This blog contains my various musings on all things technical/interesting on the interweb and beyond.

Published

Leave a comment