Frontend starting a session, when it shouldn't. #6196

Closed
bobdenotter opened this Issue Dec 22, 2016 · 4 comments

@bobdenotter
Member
bobdenotter commented Dec 22, 2016 edited

The Bolt frontend still starts a session (in Bolt 3.2.4). Fresh setup, no extensions.

[Screenshot: screen shot 2016-12-22 at 13 54 46]

Pinging @CarsonF Could you look into this? I thought we fixed this.

@bobdenotter bobdenotter added the Bug label Dec 22, 2016
@CarsonF CarsonF was assigned by bobdenotter Dec 22, 2016
@maetthu
Contributor
maetthu commented Dec 22, 2016

(as discussed with @bobdenotter on Slack)

Within my environment, I can reproduce it with debug mode (it's not publicly accessible, sorry). If I set debug: true, a session is started:

HTTP/1.1 200 OK
Cache-Control: private
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Thu, 22 Dec 2016 13:40:53 GMT
Server: nginx/1.10.1
Set-Cookie: bolt_session_X=Y; expires=Thu, 05-Jan-2017 13:40:53 GMT; Max-Age=1209600; path=/; domain=XXX; HttpOnly
Strict-Transport-Security: max-age=3600
Transfer-Encoding: chunked
X-Debug-Token: ef988a

With debug: false, it is not:

HTTP/1.1 200 OK
Cache-Control: public, s-maxage=3600
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Thu, 22 Dec 2016 13:42:32 GMT
Server: nginx/1.10.1
Strict-Transport-Security: max-age=3600
Transfer-Encoding: chunked

A deployment run does clear out the cache folder though, but sessions are configured to use a redis host instead of local storage, so previously started sessions are still available.

I don't have any publicly available extensions installed, but I do have some local ones - none of which are accessing session data, or at least not directly.
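
The two header sets above can be turned into a repeatable check for anonymous frontend requests. This is an added example, not part of the thread and not Bolt code; the function name and finding labels are hypothetical, and the `bolt_session` cookie prefix is taken from the quoted `Set-Cookie` header.

```python
# Added example (not Bolt code): audit the response headers of a frontend
# request that was sent WITHOUT any cookies.
from email.parser import Parser  # HTTP header lines share the "Name: value" syntax

# Constructed samples: headers quoted in the thread, with its placeholders kept.
DEBUG_ON = """HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie: bolt_session_X=Y; expires=Thu, 05-Jan-2017 13:40:53 GMT; Max-Age=1209600; path=/; domain=XXX; HttpOnly
Strict-Transport-Security: max-age=3600
X-Debug-Token: ef988a
"""
DEBUG_OFF = """HTTP/1.1 200 OK
Cache-Control: public, s-maxage=3600
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=3600
"""


def audit_anonymous_response(raw, cookie_prefix="bolt_session"):
    """Return a sorted list of findings for one raw status line + header block."""
    _status, _, block = raw.replace("\r\n", "\n").strip().partition("\n")
    headers = Parser().parsestr(block, headersonly=True)
    findings = set()

    # A session cookie issued to a visitor who sent none means a session was started.
    for cookie in headers.get_all("Set-Cookie", []):
        if cookie.split("=", 1)[0].strip().startswith(cookie_prefix):
            findings.add("session-cookie")

    # private / no-store keeps the page out of shared caches (reverse proxy, CDN).
    directives = {d.strip().split("=")[0].lower()
                  for d in headers.get("Cache-Control", "").split(",") if d.strip()}
    if directives & {"private", "no-store"}:
        findings.add("private-cache")

    # Present in the debug: true response quoted in the thread, absent otherwise.
    if "X-Debug-Token" in headers:
        findings.add("debug-header")
    return sorted(findings)


if __name__ == "__main__":
    for label, raw in (("debug: true", DEBUG_ON), ("debug: false", DEBUG_OFF)):
        print(label, "->", audit_anonymous_response(raw) or "clean")
```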
