Fix path and secure flag of cookie_test #27549
I baked this cookie taking inspiration from the other cookies in that file, so I think now the path and secure flag should be correct. cc @phisch @DeepDiver1975 @Peter-Prochaska
@jesmrec , could you have a look with the mobile apps? Thanks.
I suspect that the problem only appears on environments where ownCloud is hosted in a subfolder, like "/owncloud". If it's hosted on the root of the vhost, the path will be correct since it defaults to "/".
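An added example, not part of this thread or of ownCloud's code: the RFC 6265 path-match and Secure checks that a conforming client applies before returning a cookie, which is why the Path and Secure attributes of cookie_test matter on a subfolder install. The host cloud.example, the request URLs and the two cookie definitions are constructed for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class Cookie:
    name: str
    path: str     # Path attribute as stored by the client
    secure: bool  # True when the Secure attribute was set


def path_match(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 section 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # A prefix only counts on a "/" boundary, so "/owncloud"
        # does not match "/owncloud2/...".
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def client_sends(cookie: Cookie, url: str) -> bool:
    """Would a conforming client attach `cookie` to a request for `url`?"""
    parts = urlsplit(url)
    if cookie.secure and parts.scheme != "https":
        return False  # Secure cookies are never returned over plain HTTP
    return path_match(parts.path or "/", cookie.path)


# Constructed sample data (assumptions, not values from the PR).
SUBFOLDER_COOKIE = Cookie("cookie_test", "/owncloud", secure=True)
ROOT_COOKIE = Cookie("cookie_test", "/", secure=False)
SAMPLE_URLS = [
    "https://cloud.example/owncloud/remote.php/webdav/",
    "http://cloud.example/owncloud/remote.php/webdav/",
    "https://cloud.example/owncloud2/remote.php/webdav/",
    "https://cloud.example/remote.php/webdav/",
]


def demo() -> dict:
    """Map each sample URL to (subfolder cookie sent?, root cookie sent?)."""
    return {u: (client_sends(SUBFOLDER_COOKIE, u), client_sends(ROOT_COOKIE, u))
            for u in SAMPLE_URLS}


if __name__ == "__main__":
    for url, (sub, root) in demo().items():
        print(f"{url}  Path=/owncloud;Secure -> {sub}  Path=/ -> {root}")
```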
b512db1 to 87f7ae5
Tried testing this with the desktop client. If you send the cookie only when checking supportsCookies and you call supportsCookies only once from logClientIn then there was no chance to get the cookie even. I also don't see the desktop client session in index.php/settings/personal?sectionid=security so no token was created.
You need to set the cookie when sending the first 401.
I'll have a look at the Android app.
@guruz indeed, I have the feeling this could never have worked
I do wonder how the iOS client works then? @jesmrec From the code path it looks like the iOS client would need to login twice, the first login would receive the cookie and the second login will tell the code that cookies work. Unless maybe the first request receives a 401 with challenge? But I don't think
Sorry, I have rechecked this issue. Both mobile clients are not sending the cookie in all requests. The cookie is received in the first OK response (propfind 207), but not resent in all the following requests. Needs to be checked deeply @davivel.
Maybe related with #26651 (comment)
the first cookie contains the path, but the second does not.
Both cases are tested with patched servers.
@jesmrec , in the second case (server not in root path), are the mobile clients sending
@jesmrec , if I recall correctly, in the first case, the requests to Webdav path are sending That would be a correct behaviour. If The confusing part is that the PR seems to set a path. @PVince81 , is it possible that
@davivel @jesmrec The server is broken anyway because it does not send the cookie at the right place: #27549 (comment)
Cannot work, likely needs a different approach
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Fixes #26651
@ogoffart @davivel please test