-
Notifications
You must be signed in to change notification settings - Fork 231
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Two PHPSESSID cookies #42
Comments
It looks like this is the same issue as detailed in closed Issue #29. |
Thank you! Can you share the browser (name and version) that you're testing this in? Cookie handling is often specific to individual browsers. The fact that The first case might be due to different cookie settings, e.g. the The second case is definitely related to the other issue that you referenced. Can you try the steps that I suggested there for us to be able to re-produce this behavior? Thanks! |
Hi @ocram, I'm involved in dealing with this issue, too. We've noticed this issue definitely on Chromium ( I've actually refrained from clearing my cookies in one particular browser session so I can test this problem. The "old" cookie (pre-php-auth) is much like this: Name: PHPSESSID The new cookie (I believe created by php-auth) is: Name: PHPSESSID It is domain and send for that differ. I don't think that using a different session.name would be a problem, but I will have to check. We will attempt to reproduce the other error for you as well. Thanks for your help! |
I left a comment on #29. I was able to duplicate, but had to modify your described process slightly. See the comment for details. |
Thank you! The explanation and the possible solution that I suggested in #29 do probably affect your second problem described at the top, right? Though I'm not sure about the first problem. |
The first problem is definitely caused by individual cookie attributes that don’t match between the old and the new cookies, and you have found those bad attributes already. The second problem is because this library does not work on subdomains other than |
This has finally been fixed: #29 Thank you for your help! |
We are having an issue with two PHPSESSID cookies being created or a previously existing PHPSESSID cookie not being cleared after we implement php-auth.
$auth->check() passes at login but subsequently fails if we do not clear one of the cookies.
This seems to be happening in two circumstances:
$auth->check() passes at login but subsequently fails if we do not clear one of the cookies.
Any ideas on what the issue / solution may be?
The text was updated successfully, but these errors were encountered: