8000 Session is not being created after upgrade to 5.4.1 · Issue #44546 · symfony/symfony · GitHub
[go: up one dir, main page]

Skip to content

Session is not being created after upgrade to 5.4.1 #44546

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
verng95 opened this issue Dec 10, 2021 · 8 comments
Closed

Session is not being created after upgrade to 5.4.1 #44546

verng95 opened this issue Dec 10, 2021 · 8 comments

Comments

@verng95
Copy link
verng95 commented Dec 10, 2021

Symfony version(s) affected

5.4.1 or 6.0.1

Description

After upgrading to version 5.4.1/6.0.1, the session stopped working. As a result of the search, I realized that the problem was with this #44437, if you roll it back, it became normal.

How to reproduce

if framework.session.cookie_secure: auto is set, then:

  • https connections will create a session
  • http connections will not create a session

Possible Solution

File src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php Line 32:

If you replace this:

$sessionCookieWithId = sprintf('%s%s;', $sessionCookiePrefix, urlencode($sessionId));

On

$sessionCookieWithId = sprintf(' %s%s;', $sessionCookiePrefix, urlencode($sessionId));

That works correctly.

Additional Context

No response

@nicolas-grekas
< 8000 /span> Copy link
Member

Thanks for the details. Would you like sending a PR with the fix and a test case?

@verng95
Copy link
Author
verng95 commented Dec 10, 2021

Thanks for the details. Would you like sending a PR with the fix and a test case?

Ok, I guess I'll do it.

@fritzmg
Copy link
Contributor
fritzmg commented Dec 10, 2021

@verng95 can you confirm, that this currently only affects http connections and not secure connection via https (assuming you use framework.session.cookie_secure: auto)?

@verng95
Copy link
Author
verng95 commented Dec 10, 2021

@verng95 can you confirm, that this currently only affects http connections and not secure connection via https (assuming you use framework.session.cookie_secure: auto)?

@fritzmg Yes, indeed. Now I turned off framework.session.cookie_secure and it worked. So the problem is in auto.

@fritzmg
Copy link
Contributor
fritzmg commented Dec 10, 2021

Just to clarify - what we observe is the following:

if framework.session.cookie_secure: auto is set, then:

  • https connections will create a session
  • http connections will not create a session

@alexander-schranz
Copy link
Contributor

@verng95 Thank you for the report. It seems currently auto is not correctly handled here:

$sessionCookieSecure = $this->sessionOptions['cookie_secure'] ?? false;

If $sessionCookieSecure would be auto we need to handle that. I need first check where cookie_secure: auto was handled before. But I'm definetly sure that, that line is causing the issue as auto is now interperted as true.

@alexander-schranz
Copy link
Contributor

Can you try out #44518 this should fix the issue with cookie_secure not being handled.

@fritzmg
Copy link
Contributor
fritzmg commented Dec 15, 2021

I can confirm that #44518 would fix the problem for us.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

7 participants
0