aws-observability · limhjgrace · Jul 8, 2024 · Jun 6, 2024 · Jun 7, 2024 · Jun 10, 2024
diff --git a/docs/configuration.md b/docs/configuration.md
@@ -52,7 +52,7 @@ For example, the config object may look similar to the following:
 | path | String | `/` | See https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#define_where_cookies_are_sent |
 | sameSite | Boolean | `true` | See https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#define_where_cookies_are_sent |
 | secure | Boolean | `true` | See https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#define_where_cookies_are_sent |
-| unique | Boolean | `false` | When this field is `false`, the session cookie name is `cwr_s`. When this field is `true`, the session cookie name is `cwr_s_[AppMonitor Id]`.<br/><br/>Set this field to `true` when multiple AppMonitors will monitor the same page. For example, this might be the case if one AppMonitor is used for logged-in users, and a second AppMonitor is used for guest users.  |
+| unique | Boolean | `false` | When this field is `false`, the session cookie name is `cwr_s` and the credential cookie name is `cwr_c`. When this field is `true`, the session cookie name is `cwr_s_[AppMonitor Id]` and the credential cookie name is `cwr_c_[AppMonitor Id]`.<br/><br/>Set this field to `true` when multiple AppMonitors will monitor the same page. For example, this might be the case if one AppMonitor is used for logged-in users, and a second AppMonitor is used for guest users.  |
 
 ## MetadataAttributes
 You may add up to 10 custom attributes per event. Custom attributes are

diff --git a/src/dispatch/Authentication.ts b/src/dispatch/Authentication.ts
@@ -3,22 +3,27 @@ import { Config } from '../orchestration/Orchestration';
 import { AwsCredentialIdentity } from '@aws-sdk/types';
 import { FetchHttpHandler } from '@aws-sdk/fetch-http-handler';
 import { CRED_KEY, CRED_RENEW_MS } from '../utils/constants';
-import { getCookieName } from '../utils/cookies-utils';
 
 export abstract class Authentication {
-    protected applicationId: string;
     protected cognitoIdentityClient: CognitoIdentityClient;
     protected config: Config;
     protected credentials: AwsCredentialIdentity | undefined;
+    protected credentialStorageKey: string;
 
     constructor(config: Config, applicationId: string) {
         const region: string = config.identityPoolId!.split(':')[0];
         this.config = config;
-        this.cognitoIdentityClient = new CognitoIdentityClient({
-            fetchRequestHandler: new FetchHttpHandler(),
-            region
-        });
-        this.applicationId = applicationId;
+        this.cognitoIdentityClient = new CognitoIdentityClient(
+            {
+                fetchRequestHandler: new FetchHttpHandler(),
+                region
+            },
+            this.config.cookieAttributes.unique,
+            applicationId
+        );
+        this.credentialStorageKey = this.config.cookieAttributes.unique
+            ? `${CRED_KEY}_${applicationId}`
+            : CRED_KEY;
     }
 
     /**
@@ -84,13 +89,7 @@ export abstract class Authentication {
                 let credentials: AwsCredentialIdentity;
                 try {
                     credentials = JSON.parse(
-                        localStorage.getItem(
-                            getCookieName(
-                                this.config.cookieAttributes.unique,
-                                CRED_KEY,
-                                this.applicationId
-                            )
-                        )!
+                        localStorage.getItem(this.credentialStorageKey)!
                     );
                 } catch (e) {
                     // Error retrieving, decoding or parsing the cred string -- abort

diff --git a/src/dispatch/BasicAuthentication.ts b/src/dispatch/BasicAuthentication.ts
@@ -2,9 +2,7 @@ import { Config } from '../orchestration/Orchestration';
 import { AwsCredentialIdentity } from '@aws-sdk/types';
 import { FetchHttpHandler } from '@aws-sdk/fetch-http-handler';
 import { StsClient } from './StsClient';
-import { CRED_KEY } from '../utils/constants';
 import { Authentication } from './Authentication';
-import { getCookieName } from '../utils/cookies-utils';
 
 export class BasicAuthentication extends Authentication {
     private stsClient: StsClient;
@@ -52,11 +50,7 @@ export class BasicAuthentication extends Authentication {
                     this.credentials = credentials;
                     try {
                         localStorage.setItem(
-                            getCookieName(
-                                this.config.cookieAttributes.unique,
-                                CRED_KEY,
-                                this.applicationId
-                            ),
+                            this.credentialStorageKey,
                             JSON.stringify(credentials)
                         );
                     } catch (e) {

diff --git a/src/dispatch/CognitoIdentityClient.ts b/src/dispatch/CognitoIdentityClient.ts
@@ -44,18 +44,26 @@ export declare type CognitoIdentityClientConfig = {
 export class CognitoIdentityClient {
     private fetchRequestHandler: HttpHandler;
     private hostname: string;
+    private identityStorageKey: string;
 
-    constructor(config: CognitoIdentityClientConfig) {
+    constructor(
+        config: CognitoIdentityClientConfig,
+        uniqueCookies: boolean,
+        applicationId: string
+    ) {
         this.hostname = `cognito-identity.${config.region}.amazonaws.com`;
         this.fetchRequestHandler = config.fetchRequestHandler;
+        this.identityStorageKey = uniqueCookies
+            ? `${IDENTITY_KEY}_${applicationId}`
+            : IDENTITY_KEY;
     }
 
     public getId = async (request: { IdentityPoolId: string }) => {
         let getIdResponse: GetIdResponse | null = null;
 
         try {
             getIdResponse = JSON.parse(
-                localStorage.getItem(IDENTITY_KEY)!
+                localStorage.getItem(this.identityStorageKey)!
             ) as GetIdResponse | null;
         } catch (e) {
             // Ignore -- we will get a new identity Id from Cognito
@@ -78,7 +86,7 @@ export class CognitoIdentityClient {
             )) as GetIdResponse;
             try {
                 localStorage.setItem(
-                    IDENTITY_KEY,
+                    this.identityStorageKey,
                     JSON.stringify({ IdentityId: getIdResponse.IdentityId })
                 );
             } catch (e) {
@@ -104,7 +112,7 @@ export class CognitoIdentityClient {
                 await responseToJson(response)
             );
         } catch (e) {
-            localStorage.removeItem(IDENTITY_KEY);
+            localStorage.removeItem(this.identityStorageKey);
             throw new Error(
                 `CWR: Failed to retrieve Cognito OpenId token: ${e}`
             );
@@ -134,7 +142,7 @@ export class CognitoIdentityClient {
                 expiration: new Date(Expiration * 1000)
             };
         } catch (e) {
-            localStorage.removeItem(IDENTITY_KEY);
+            localStorage.removeItem(this.identityStorageKey);
             throw new Error(
                 `CWR: Failed to retrieve credentials for Cognito identity: ${e}`
             );

diff --git a/src/dispatch/EnhancedAuthentication.ts b/src/dispatch/EnhancedAuthentication.ts
@@ -1,8 +1,6 @@
 import { Config } from '../orchestration/Orchestration';
 import { AwsCredentialIdentity } from '@aws-sdk/types';
-import { CRED_KEY } from '../utils/constants';
 import { Authentication } from './Authentication';
-import { getCookieName } from '../utils/cookies-utils';
 
 export class EnhancedAuthentication extends Authentication {
     constructor(config: Config, applicationId: string) {
@@ -35,11 +33,7 @@ export class EnhancedAuthentication extends Authentication {
                     this.credentials = credentials;
                     try {
                         localStorage.setItem(
-                            getCookieName(
-                                this.config.cookieAttributes.unique,
-                                CRED_KEY,
-                                this.applicationId
-                            ),
+                            this.credentialStorageKey,
                             JSON.stringify(credentials)
                         );
                     } catch (e) {

diff --git a/src/dispatch/__tests__/BasicAuthentication.test.ts b/src/dispatch/__tests__/BasicAuthentication.test.ts
@@ -42,6 +42,7 @@ describe('BasicAuthentication tests', () => {
             expiration: new Date(new Date().getTime() + 60 * 60 * 1000)
         });
         localStorage.removeItem(CRED_KEY);
+        localStorage.removeItem(`${CRED_KEY}_${APPLICATION_ID}`);
     });
 
     test('when credential is in localStorage then authentication chain retrieves credential from localStorage', async () => {