-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
refactor: Session does not use cookies() #5656
Conversation
hy kenji, i have problem after this commit. I am using myth auth and login with ajax. i see response for Set Cookie order was different before this commit. please you can see my repo this use case |
this problem i found when using version 4.2.0 and earlier, but there is no problem for version 4.1.9 and older |
Yes, it may change the order. |
so it's confirm it will change the order of Set Cookie, The problem is when i am using myth auth for authentication with ajax, the Set Cookie order was changed after version 4.2.0 In AuthenticationBase in myauth, after we successfully loggin, they regenerate the session, i don't know how it work, but when we regenerate session, there is will Set Cookie for new session, but in V 4.2.0, the problem was Set Cookie order was changed. this problem didn't appear if we use redirrect response and not using ajax maybe you can see my repo if you can help me with this commit issue. I already compare Set Cookie order for this project only success until version 4.1.9 before this commit Thanks |
You mean, after successful login, CI sends two session cookies? |
yes if i use ajax method @kenjis |
should i send a screenshoot ? |
i have a question, what is Set Cookie was send if we regenerate session by default ? |
It seems this bug is related to Apache. But in this case, it may be a bit different from the PHP bug. |
Did you redirect with return redirect()->back()->withCookies(); https://codeigniter4.github.io/CodeIgniter4/general/common_functions.html#redirect |
It seems this is a bug in the framework Session. As a workaround, |
I don't have problem with page request, the problem only appear if i use ajax, |
Okay thanks, so that was i done for resolve this case, thanks kenjis |
I don't know why this issue appears only on Ajax. |
I think so, because at v 4.1.9, there are 2 Set Cookie, the different just only in ordering as you can see on picture above |
But this was very clear for me "Servers SHOULD NOT include more than one Set-Cookie header field in the same response with the same cookie-name. (See Section 5.2 for how user agents handle this case.)" |
I created an issue for this: #6166 |
Description
Checklist: