@v-tilt/browser 1.1.4 → 1.1.5

package/dist/session.d.ts

@@ -10,7 +10,7 @@ import { PersistenceMethod } from "./types";
 export declare class SessionManager {
     private storage;
     private _windowId;
-    constructor(storageMethod?: PersistenceMethod, domain?: string);
+    constructor(storageMethod?: PersistenceMethod, cross_subdomain?: boolean);
     /**
      * Get session ID (always returns a value, generates if needed)
      */
@@ -26,10 +26,12 @@ export declare class SessionManager {
     resetSessionId(): void;
     /**
      * Get session ID from storage (raw, can return null)
+     * Cookie Max-Age handles expiration automatically
      */
     private _getSessionIdRaw;
     /**
      * Store session ID
+     * Uses plain string format - cookie Max-Age handles expiration
      */
     private _storeSessionId;
     /**
@@ -60,5 +62,5 @@ export declare class SessionManager {
     /**
      * Update storage method at runtime
      */
-    updateStorageMethod(method: PersistenceMethod, domain?: string): void;
+    updateStorageMethod(method: PersistenceMethod, cross_subdomain?: boolean): void;
 }

package/dist/storage.d.ts

@@ -16,7 +16,7 @@ export declare const SESSION_COOKIE_MAX_AGE = 1800;
 export declare const USER_COOKIE_MAX_AGE = 31536000;
 export interface StorageOptions {
     method: PersistenceMethod;
-    domain?: string;
+    cross_subdomain?: boolean;
     secure?: boolean;
     sameSite?: "Strict" | "Lax" | "None";
 }
@@ -24,13 +24,18 @@ export interface StorageItem<T = string> {
     value: T;
     expiry?: number;
 }
+/**
+ * Auto-detect if cross-subdomain cookies should be enabled
+ * Returns false for platforms like herokuapp.com, vercel.app, netlify.app
+ */
+export declare function shouldUseCrossSubdomainCookie(): boolean;
 /**
  * Unified Storage Manager
  * Provides consistent storage operations across all persistence methods
  */
 export declare class StorageManager {
     private method;
-    private domain?;
+    private cross_subdomain;
     private secure;
     private sameSite;
     private memoryStorage;
@@ -92,4 +97,4 @@ export declare class StorageManager {
  * Create a shared storage instance
  * Use this for creating storage managers with consistent settings
  */
-export declare function createStorageManager(method: PersistenceMethod, domain?: string): StorageManager;
+export declare function createStorageManager(method: PersistenceMethod, cross_subdomain?: boolean): StorageManager;

package/dist/types.d.ts

@@ -20,7 +20,7 @@ export interface VTiltConfig {
     name?: string;
     /** Project ID (set via init() first argument) */
     projectId?: string;
-    /** Domain to track (auto-detected if not provided) */
+    /** Domain to track (auto-detected if not provided) - used in event properties */
     domain?: string;
     /** Storage method for session data */
     storage?: PersistenceMethod;
@@ -28,7 +28,12 @@ export interface VTiltConfig {
     persistence?: PersistenceMethod;
     /** Persistence name prefix */
     persistence_name?: string;
-    /** Enable cross-subdomain cookies */
+    /**
+     * Enable cross-subdomain cookies.
+     * When true, cookies are shared across subdomains (e.g., app.example.com and www.example.com).
+     * Auto-detects false for platforms like herokuapp.com, vercel.app, netlify.app.
+     * @default true (except for excluded platforms)
+     */
     cross_subdomain_cookie?: boolean;
     /**
      * Person profiles mode:
@@ -97,7 +102,6 @@ export interface TrackingEvent {
     timestamp: string;
     event: string;
     project_id: string;
-    domain: string;
     distinct_id: string;
     anonymous_id?: string;
     payload: EventPayload;

package/dist/user-manager.d.ts

@@ -15,7 +15,7 @@ export declare class UserManager {
     private storage;
     private userIdentity;
     private _cachedPersonProperties;
-    constructor(storageMethod?: PersistenceMethod, domain?: string);
+    constructor(storageMethod?: PersistenceMethod, cross_subdomain?: boolean);
     /**
      * Get current user identity
      */
@@ -136,5 +136,5 @@ export declare class UserManager {
     /**
      * Update storage method at runtime
      */
-    updateStorageMethod(method: PersistenceMethod, domain?: string): void;
+    updateStorageMethod(method: PersistenceMethod, cross_subdomain?: boolean): void;
 }

package/lib/session.d.ts

@@ -10,7 +10,7 @@ import { PersistenceMethod } from "./types";
 export declare class SessionManager {
     private storage;
     private _windowId;
-    constructor(storageMethod?: PersistenceMethod, domain?: string);
+    constructor(storageMethod?: PersistenceMethod, cross_subdomain?: boolean);
     /**
      * Get session ID (always returns a value, generates if needed)
      */
@@ -26,10 +26,12 @@ export declare class SessionManager {
     resetSessionId(): void;
     /**
      * Get session ID from storage (raw, can return null)
+     * Cookie Max-Age handles expiration automatically
      */
     private _getSessionIdRaw;
     /**
      * Store session ID
+     * Uses plain string format - cookie Max-Age handles expiration
      */
     private _storeSessionId;
     /**
@@ -60,5 +62,5 @@ export declare class SessionManager {
     /**
      * Update storage method at runtime
      */
-    updateStorageMethod(method: PersistenceMethod, domain?: string): void;
+    updateStorageMethod(method: PersistenceMethod, cross_subdomain?: boolean): void;
 }

package/lib/session.js

@@ -13,13 +13,11 @@ const constants_1 = require("./constants");
 const utils_1 = require("./utils");
 const globals_1 = require("./utils/globals");
 const storage_1 = require("./storage");
-// Session TTL in milliseconds (30 minutes)
-const SESSION_TTL_MS = 30 * 60 * 1000;
 class SessionManager {
-    constructor(storageMethod = "cookie", domain) {
+    constructor(storageMethod = "cookie", cross_subdomain) {
         this.storage = new storage_1.StorageManager({
             method: storageMethod,
-            domain,
+            cross_subdomain,
             sameSite: "Lax",
         });
         this._windowId = undefined;
@@ -66,48 +64,16 @@ class SessionManager {
     }
     /**
      * Get session ID from storage (raw, can return null)
+     * Cookie Max-Age handles expiration automatically
      */
     _getSessionIdRaw() {
-        // Use getWithExpiry for localStorage/sessionStorage (handles JSON + expiry)
-        const sessionData = this.storage.getWithExpiry(constants_1.STORAGE_KEY);
-        if (sessionData) {
-            return sessionData;
-        }
-        // For cookie mode, the cookie itself handles expiry via Max-Age
-        // Just get the raw value
-        const rawValue = this.storage.get(constants_1.STORAGE_KEY);
-        if (rawValue) {
-            // Check if it's JSON format (from web storage) or plain string (from cookie)
-            try {
-                const parsed = JSON.parse(rawValue);
-                // If it's a StorageItem, extract value and check expiry
-                if (typeof parsed === "object" &&
-                    parsed !== null &&
-                    "value" in parsed) {
-                    if (parsed.expiry && Date.now() > parsed.expiry) {
-                        this.storage.remove(constants_1.STORAGE_KEY);
-                        return null;
-                    }
-                    return parsed.value;
-                }
-                return rawValue;
-            }
-            catch (_a) {
-                // Plain string value (from cookie)
-                return rawValue;
-            }
-        }
-        return null;
+        return this.storage.get(constants_1.STORAGE_KEY);
     }
     /**
      * Store session ID
+     * Uses plain string format - cookie Max-Age handles expiration
      */
     _storeSessionId(sessionId) {
-        // Use setWithExpiry for localStorage/sessionStorage
-        // For cookies, the StorageManager handles Max-Age
-        this.storage.setWithExpiry(constants_1.STORAGE_KEY, sessionId, SESSION_TTL_MS);
-        // Also set as plain cookie for cookie mode (overwrites JSON format)
-        // This ensures cookies work properly with Max-Age
         this.storage.set(constants_1.STORAGE_KEY, sessionId, storage_1.SESSION_COOKIE_MAX_AGE);
     }
     /**
@@ -214,10 +180,10 @@ class SessionManager {
     /**
      * Update storage method at runtime
      */
-    updateStorageMethod(method, domain) {
+    updateStorageMethod(method, cross_subdomain) {
         this.storage = new storage_1.StorageManager({
             method,
-            domain,
+            cross_subdomain,
             sameSite: "Lax",
         });
     }

package/lib/storage.d.ts

@@ -16,7 +16,7 @@ export declare const SESSION_COOKIE_MAX_AGE = 1800;
 export declare const USER_COOKIE_MAX_AGE = 31536000;
 export interface StorageOptions {
     method: PersistenceMethod;
-    domain?: string;
+    cross_subdomain?: boolean;
     secure?: boolean;
     sameSite?: "Strict" | "Lax" | "None";
 }
@@ -24,13 +24,18 @@ export interface StorageItem<T = string> {
     value: T;
     expiry?: number;
 }
+/**
+ * Auto-detect if cross-subdomain cookies should be enabled
+ * Returns false for platforms like herokuapp.com, vercel.app, netlify.app
+ */
+export declare function shouldUseCrossSubdomainCookie(): boolean;
 /**
  * Unified Storage Manager
  * Provides consistent storage operations across all persistence methods
  */
 export declare class StorageManager {
     private method;
-    private domain?;
+    private cross_subdomain;
     private secure;
     private sameSite;
     private memoryStorage;
@@ -92,4 +97,4 @@ export declare class StorageManager {
  * Create a shared storage instance
  * Use this for creating storage managers with consistent settings
  */
-export declare function createStorageManager(method: PersistenceMethod, domain?: string): StorageManager;
+export declare function createStorageManager(method: PersistenceMethod, cross_subdomain?: boolean): StorageManager;

package/lib/storage.js

@@ -14,26 +14,75 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.StorageManager = exports.USER_COOKIE_MAX_AGE = exports.SESSION_COOKIE_MAX_AGE = void 0;
+exports.shouldUseCrossSubdomainCookie = shouldUseCrossSubdomainCookie;
 exports.createStorageManager = createStorageManager;
 const constants_1 = require("./constants");
 const globals_1 = require("./utils/globals");
 // Default cookie TTLs
 exports.SESSION_COOKIE_MAX_AGE = 1800; // 30 minutes
 exports.USER_COOKIE_MAX_AGE = 31536000; // 1 year
+// Platforms excluded from cross-subdomain cookies (following PostHog)
+const EXCLUDED_FROM_CROSS_SUBDOMAIN = [
+    "herokuapp.com",
+    "vercel.app",
+    "netlify.app",
+];
+/**
+ * Auto-detect if cross-subdomain cookies should be enabled
+ * Returns false for platforms like herokuapp.com, vercel.app, netlify.app
+ */
+function shouldUseCrossSubdomainCookie() {
+    var _a;
+    if (typeof document === "undefined") {
+        return false;
+    }
+    const hostname = (_a = document.location) === null || _a === void 0 ? void 0 : _a.hostname;
+    if (!hostname) {
+        return false;
+    }
+    const lastTwoParts = hostname.split(".").slice(-2).join(".");
+    for (const excluded of EXCLUDED_FROM_CROSS_SUBDOMAIN) {
+        if (lastTwoParts === excluded) {
+            return false;
+        }
+    }
+    return true;
+}
+/**
+ * Get the cookie domain for cross-subdomain cookies
+ * Returns domain like ".example.com" or empty string for same-origin
+ */
+function getCookieDomain(cross_subdomain) {
+    var _a;
+    if (!cross_subdomain) {
+        return "";
+    }
+    if (typeof document === "undefined") {
+        return "";
+    }
+    const hostname = (_a = document.location) === null || _a === void 0 ? void 0 : _a.hostname;
+    if (!hostname) {
+        return "";
+    }
+    // Match domain pattern like "example.com" from "sub.example.com"
+    const matches = hostname.match(/[a-z0-9][a-z0-9-]+\.[a-z]{2,}$/i);
+    return matches ? `.${matches[0]}` : "";
+}
 /**
  * Unified Storage Manager
  * Provides consistent storage operations across all persistence methods
  */
 class StorageManager {
     constructor(options) {
-        var _a;
+        var _a, _b;
         this.memoryStorage = new Map();
         this.method = options.method;
-        this.domain = options.domain;
+        this.cross_subdomain =
+            (_a = options.cross_subdomain) !== null && _a !== void 0 ? _a : shouldUseCrossSubdomainCookie();
         this.sameSite = options.sameSite || "Lax";
         // Auto-detect secure flag from protocol
         this.secure =
-            (_a = options.secure) !== null && _a !== void 0 ? _a : (typeof location !== "undefined" && location.protocol === "https:");
+            (_b = options.secure) !== null && _b !== void 0 ? _b : (typeof location !== "undefined" && location.protocol === "https:");
     }
     // ============================================================================
     // Public API - Simple key-value operations
@@ -216,8 +265,10 @@ class StorageManager {
         if (this.secure) {
             cookieString += `; Secure`;
         }
-        if (this.domain) {
-            cookieString += `; domain=${this.domain}`;
+        // Auto-detect domain for cross-subdomain cookies
+        const domain = getCookieDomain(this.cross_subdomain);
+        if (domain) {
+            cookieString += `; domain=${domain}`;
         }
         document.cookie = cookieString;
     }
@@ -225,10 +276,12 @@ class StorageManager {
         if (typeof document === "undefined") {
             return;
         }
+        // Auto-detect domain for cross-subdomain cookies
+        const domain = getCookieDomain(this.cross_subdomain);
         // Set cookie with expired date
         let cookieString = `${name}=; Max-Age=0; path=/`;
-        if (this.domain) {
-            cookieString += `; domain=${this.domain}`;
+        if (domain) {
+            cookieString += `; domain=${domain}`;
         }
         document.cookie = cookieString;
         // Also try without domain (in case it was set without)
@@ -289,10 +342,10 @@ exports.StorageManager = StorageManager;
  * Create a shared storage instance
  * Use this for creating storage managers with consistent settings
  */
-function createStorageManager(method, domain) {
+function createStorageManager(method, cross_subdomain) {
     return new StorageManager({
         method,
-        domain,
+        cross_subdomain,
         sameSite: "Lax",
     });
 }

package/lib/types.d.ts

@@ -20,7 +20,7 @@ export interface VTiltConfig {
     name?: string;
     /** Project ID (set via init() first argument) */
     projectId?: string;
-    /** Domain to track (auto-detected if not provided) */
+    /** Domain to track (auto-detected if not provided) - used in event properties */
     domain?: string;
     /** Storage method for session data */
     storage?: PersistenceMethod;
@@ -28,7 +28,12 @@ export interface VTiltConfig {
     persistence?: PersistenceMethod;
     /** Persistence name prefix */
     persistence_name?: string;
-    /** Enable cross-subdomain cookies */
+    /**
+     * Enable cross-subdomain cookies.
+     * When true, cookies are shared across subdomains (e.g., app.example.com and www.example.com).
+     * Auto-detects false for platforms like herokuapp.com, vercel.app, netlify.app.
+     * @default true (except for excluded platforms)
+     */
     cross_subdomain_cookie?: boolean;
     /**
      * Person profiles mode:
@@ -97,7 +102,6 @@ export interface TrackingEvent {
     timestamp: string;
     event: string;
     project_id: string;
-    domain: string;
     distinct_id: string;
     anonymous_id?: string;
     payload: EventPayload;

package/lib/user-manager.d.ts

@@ -15,7 +15,7 @@ export declare class UserManager {
     private storage;
     private userIdentity;
     private _cachedPersonProperties;
-    constructor(storageMethod?: PersistenceMethod, domain?: string);
+    constructor(storageMethod?: PersistenceMethod, cross_subdomain?: boolean);
     /**
      * Get current user identity
      */
@@ -136,5 +136,5 @@ export declare class UserManager {
     /**
      * Update storage method at runtime
      */
-    updateStorageMethod(method: PersistenceMethod, domain?: string): void;
+    updateStorageMethod(method: PersistenceMethod, cross_subdomain?: boolean): void;
 }

package/lib/user-manager.js

@@ -18,11 +18,11 @@ const utils_1 = require("./utils");
 const event_utils_1 = require("./utils/event-utils");
 const storage_1 = require("./storage");
 class UserManager {
-    constructor(storageMethod = "localStorage", domain) {
+    constructor(storageMethod = "localStorage", cross_subdomain) {
         this._cachedPersonProperties = null; // Cache for deduplication
         this.storage = new storage_1.StorageManager({
             method: storageMethod,
-            domain,
+            cross_subdomain,
             sameSite: "Lax",
         });
         this.userIdentity = this.loadUserIdentity();
@@ -544,10 +544,10 @@ class UserManager {
     /**
      * Update storage method at runtime
      */
-    updateStorageMethod(method, domain) {
+    updateStorageMethod(method, cross_subdomain) {
         this.storage = new storage_1.StorageManager({
             method,
-            domain,
+            cross_subdomain,
             sameSite: "Lax",
         });
         // Reload identity from new storage

package/lib/vtilt.js

@@ -39,13 +39,8 @@ class VTilt {
         this._set_once_properties_sent = false; // Track if $set_once with initial props has been sent (only send once per page load)
         this.configManager = new config_1.ConfigManager(config);
         const fullConfig = this.configManager.getConfig();
-        // Auto-detect domain from location if not provided
-        let domain = fullConfig.domain;
-        if (!domain && globals_1.location) {
-            domain = this.getCurrentDomain();
-        }
-        this.sessionManager = new session_1.SessionManager(fullConfig.storage || "cookie", domain);
-        this.userManager = new user_manager_1.UserManager(fullConfig.persistence || "localStorage", domain);
+        this.sessionManager = new session_1.SessionManager(fullConfig.storage || "cookie", fullConfig.cross_subdomain_cookie);
+        this.userManager = new user_manager_1.UserManager(fullConfig.persistence || "localStorage", fullConfig.cross_subdomain_cookie);
         this.webVitalsManager = new web_vitals_1.WebVitalsManager(fullConfig, this);
         // Initialize rate limiter to prevent flooding
         // Default: 10 events/second with burst of 100
@@ -453,7 +448,6 @@ class VTilt {
             timestamp: new Date().toISOString(),
             event: name,
             project_id: config.projectId || "",
-            domain: config.domain || this.getCurrentDomain(), // Use config domain or current domain
             payload: processedPayload,
             distinct_id: distinct_id,
             // Always include anonymous_id in the event for identity linking
@@ -732,12 +726,8 @@ class VTilt {
         this.configManager.updateConfig(config);
         const fullConfig = this.configManager.getConfig();
         // Recreate managers with new config
-        let domain = fullConfig.domain;
-        if (!domain && globals_1.location) {
-            domain = this.getCurrentDomain();
-        }
-        this.sessionManager = new session_1.SessionManager(fullConfig.storage || "cookie", domain);
-        this.userManager = new user_manager_1.UserManager(fullConfig.persistence || "localStorage", domain);
+        this.sessionManager = new session_1.SessionManager(fullConfig.storage || "cookie", fullConfig.cross_subdomain_cookie);
+        this.userManager = new user_manager_1.UserManager(fullConfig.persistence || "localStorage", fullConfig.cross_subdomain_cookie);
         this.webVitalsManager = new web_vitals_1.WebVitalsManager(fullConfig, this);
     }
     /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@v-tilt/browser",
-  "version": "1.1.4",
+  "version": "1.1.5",
   "description": "vTilt browser tracking library",
   "main": "dist/main.js",
   "module": "dist/module.js",