You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 25, 2021. It is now read-only.
BTW Maybe another cookie related bug: If I log into the panel and then switch with Option + Command + R into Safari's Responsive Design Mode and then do a reload, I am immediately logged out. Even on a fresh installation, even with @distantnative 's patch. So unfortunately if you want to debug something in the frontend with logged in users in Safari's Responsive Design Mode – no chance.
I've checked with other web apps (Piwik, Harvest) for the same behaviour, but there I am staying logged-in. I googled briefly if Safari's Responsive Design Mode is known for deleting / altering cookies but so far I found nothing.
I think it's related to the user agent string. We use the agent string to create a finger print to avoid session hijacking. It's an OWASP recommendation and I don't know why the other's don't do this as well. We might need to reconsider it though. @lukasbestle what do you think about this?
I'm not sure either. I think we should keep the fingerprinting for security. But maybe we could remove the user agent from it as it can be faked anyway. The IP address is probably a better fingerprint.
(Source: https://forum.getkirby.com/t/safaris-responsive-design-mode-causes-panel-sign-out/3325)
The text was updated successfully, but these errors were encountered: