Seaside issues multiple cookies for different paths #915

Closed
theseion opened this issue May 27, 2017 · 5 comments

@theseion
Member

theseion commented May 27, 2017

Redirects on a page can cause Seaside to issue multiple session cookies. Example:

  1. client goes to example.com/some/path/
  2. Seaside issues session cookie which the browser saves with an implicit path of '/some/path/'
  3. client goes to example.com/other/
  4. Seaside issues a second session cookie which the browser saves with an implicit path of '/other/'

This is bad for ~~two reasons~~ three reasons:

@theseion
Member Author

Setting the session cookie path to '/' fixes this. Maybe this should be configurable somehow, as there may be valid use cases for having multiple session cookies for different paths on the same domain.

See also issue #917

@theseion theseion self-assigned this May 27, 2017
@theseion theseion added the bug label May 27, 2017
@theseion theseion added this to the 3.3 milestone May 27, 2017
@marschall
Contributor

I don't think setting the session cookie path to / is a good idea. Different WAApplication instances under different paths must not share sessions or session cookies.

In the example you give, what is the path of the WAApplication?

@theseion
Member Author

That is true. So it should probably be the path of the application. My use case is a bit different, as I need to map requests to the proxy server onto an application, e.g. '/some/path' is mapped to '/application/some/path'. That means that I need to set the path on the cookie as '/', not '/application'. But I can make that a behaviour specific to our application.

The path of the application in the example would be '/application'.

@marschall
Contributor

Yes, it should be the path of the application, but that should already be happening, see WARequestContext >> #newCookie.

If you do not want to rewrite the cookie paths in your proxy server and do not want to make the paths in the proxy server and Seaside match, my recommendation would be to implement a custom WACookieSessionTrackingStrategy. There you can do exactly what you need.

@theseion
Member Author

You're right. The problem in my case was that I have set my application url to '/', which, because of issue #917, was set to the empty path. A fix for #917 should, therefore, also fix this issue.
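
The browser-side behaviour behind this thread, as an added example that is not part of the original discussion or of Seaside's code: it implements the RFC 6265 default-path and path-match rules and replays the two visits from the issue. The cookie name `sid`, the `Jar` class and `simulate` are constructed for illustration; note that the RFC default-path drops the trailing slash.

```javascript
// RFC 6265 section 5.1.4: default-path derived from the request path.
function defaultPath(requestPath) {
  if (!requestPath || requestPath[0] !== '/') return '/';
  const lastSlash = requestPath.lastIndexOf('/');
  return lastSlash === 0 ? '/' : requestPath.slice(0, lastSlash);
}

// RFC 6265 section 5.2.4: an empty Path value, or one not starting with "/",
// is ignored and the default-path of the request is used instead.
function effectivePath(pathAttr, requestPath) {
  return pathAttr && pathAttr[0] === '/' ? pathAttr : defaultPath(requestPath);
}

// RFC 6265 section 5.1.4: path-match decides whether a stored cookie is sent.
function pathMatches(cookiePath, requestPath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Minimal cookie jar keyed by (name, path); domain handling is omitted.
class Jar {
  constructor() { this.cookies = new Map(); }
  store(name, value, pathAttr, requestPath) {
    const path = effectivePath(pathAttr, requestPath);
    this.cookies.set(`${name};${path}`, { name, value, path });
  }
  sentFor(requestPath) {
    return [...this.cookies.values()].filter(c => pathMatches(c.path, requestPath));
  }
}

// Constructed server model: issue a new session cookie whenever the request
// arrives without one, using pathAttr as the Path attribute ('' = empty path).
function simulate(pathAttr, visits) {
  const jar = new Jar();
  let issued = 0;
  for (const requestPath of visits) {
    if (jar.sentFor(requestPath).length === 0) {
      issued += 1;
      jar.store('sid', `session-${issued}`, pathAttr, requestPath);
    }
  }
  return { issued, paths: [...jar.cookies.values()].map(c => c.path) };
}
```

With an empty path, `simulate('', ['/some/path/', '/other/'])` ends with two session cookies stored; with `'/'` it ends with one.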
