Using cookie instead of http session so we can strip Domain attribute.

src/schat.js

@@ -17,10 +17,9 @@ const instance = process.env.NODE_APP_INSTANCE || 'main';
 logger.setLevel(argv.level || 'info');
 
 async function auth() {
-	const httpSession = bhttp.session();
 	const username = config.uniqueUsername ? `${config.user.username}-${new Date().getTime().toString().slice(-5)}` : config.user.username;
 
-	const res = await httpSession.post(`${config.api}/session`, {
+	const res = await bhttp.post(`${config.api}/session`, {
 		...config.user,
 		username,
 	}, {
@@ -35,13 +34,17 @@ async function auth() {
 
 	return {
 		user: res.body,
-		httpSession,
+		// auth may return an explicit auth cookie domain, but we connect through the VPN domain that would break the cookie, so don't use a bhttp session and strip the domain
-		sessionCookie: res.headers['set-cookie'][0],
+		sessionCookie: res.headers['set-cookie'][0].replace(/Domain=.*;/, ''),
 	};
 }
 
-async function getWsId(httpSession) {
+async function getWsId(sessionCookie) {
-	const res = await httpSession.get(`${config.api}/socket`);
+	const res = await bhttp.get(`${config.api}/socket`, {
+		headers: {
+			cookie: sessionCookie,
+		},
+	});
 
 	if (res.statusCode !== 200) {
 		throw new Error(`Failed to retrieve WebSocket ID: ${res.body.toString()}`);
@@ -135,11 +138,10 @@ async function connect(bot, games) {
 
 	socket.connect = async () => {
 		try {
-			const { user, httpSession, sessionCookie } = await auth();
+			const { user, sessionCookie } = await auth();
-			const wsCreds = await getWsId(httpSession);
+			const wsCreds = await getWsId(sessionCookie);
 
 			bot.user = user;
-			bot.httpSession = httpSession;
 
 			logger.info(`Attempting to connect to ${config.socket}`);