Bug: Some session data got lost when trying to set session with big payload #3441
Comments
Thanks @wallseat - good find! Once cookies get above a certain size, we chunk them and store across multiple cookies. When this happens, cookies get stored with an enumeration, e.g., In this case, the session is persisted in the headers for the first time when the request to After authentication, when the size of the session is much larger due to the presence of the tokens, the serialized session is greater than the chunk size, so the session cookie gets chunked and stored under There is an issue with the algorithm that detects cookies that should be cleared under the condition where the cookie grows in size greater than a single chunk, and that is what we're hitting here. The original
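An added example, not taken from the thread or from Litestar's code: a simplified model of the stale-cookie detection described in the comment above, with a flawed check next to a corrected one. The cookie name `session`, the `session-N` chunk naming, the chunk size and every function name are assumptions made for illustration.

```python
# Added illustration, not Litestar's code. The cookie name, the "-N" chunk
# naming and the chunk size are assumptions.
CHUNK_SIZE = 4096 - 64  # assumed per-cookie payload budget
KEY = "session"         # assumed session cookie name


def chunk_cookies(data, key=KEY, chunk_size=CHUNK_SIZE):
    """One plain cookie if the data fits, else enumerated key-0, key-1, ..."""
    if len(data) <= chunk_size:
        return {key: data}
    return {
        f"{key}-{i}": data[start:start + chunk_size]
        for i, start in enumerate(range(0, len(data), chunk_size))
    }


def is_session_cookie(name, key=KEY):
    """True for the plain cookie and for any enumerated chunk of it."""
    if name == key:
        return True
    prefix, sep, index = name.rpartition("-")
    return sep == "-" and prefix == key and index.isdigit()


def stale_flawed(request_names, response_names, key=KEY):
    """Simplified model of the flaw: only enumerated chunks are candidates,
    so the plain cookie survives when the session grows into chunks."""
    return {n for n in request_names
            if n.startswith(f"{key}-") and n not in response_names}


def stale_fixed(request_names, response_names, key=KEY):
    """Expire every session cookie the client sent that is not rewritten."""
    return {n for n in request_names
            if is_session_cookie(n, key) and n not in response_names}


def demo():
    # Constructed sample data: a small pre-login session, then one that
    # exceeds a single chunk once tokens are stored in it.
    before = chunk_cookies(b"a" * 200)
    after = chunk_cookies(b"b" * (CHUNK_SIZE + 500))
    return set(before), set(after), stale_flawed(before, after), stale_fixed(before, after)


if __name__ == "__main__":
    print(demo())
```

In the growth case the flawed check returns nothing to expire, so the client would keep the old plain cookie next to the new chunks; the corrected check also covers the shrink case and ignores unrelated names such as `session-id`.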
Fix an issue where the connection session cookie is not cleared if the response session is stored across multiple cookies. Closes #3441
@all-contributors add @wallseat for bug
I've put up a pull request to add @wallseat! 🎉
* fix: clear session cookie if new session gt CHUNK_SIZE Fix an issue where the connection session cookie is not cleared if the response session is stored across multiple cookies. Closes #3441 * Update litestar/middleware/session/client_side.py Co-authored-by: Jacob Coffee <jacob@z7x.org> * refactor: use dataclass utils to iterate over Cookie fields --------- Co-authored-by: Jacob Coffee <jacob@z7x.org>
This issue has been closed in #3446. The change will be included in the upcoming patch release.
Thx @peterschutt!
* fix: clear session cookie if new session gt CHUNK_SIZE Fix an issue where the connection session cookie is not cleared if the response session is stored across multiple cookies. Closes #3441 * Update litestar/middleware/session/client_side.py Co-authored-by: Jacob Coffee <jacob@z7x.org> * refactor: use dataclass utils to iterate over Cookie fields --------- Co-authored-by: Jacob Coffee <jacob@z7x.org> (cherry picked from commit 0670551)
A fix for this issue has been released in v2.9.0
Description
I'm trying to store access and refresh tokens in request.session with some other user data, and got an error. In the middleware AuthRequiredMiddleware I have no user data, but it should be. If I remove two long fields with tokens, it works normally.
Additionally, I got a second issue - SerializationException when it is trying to decode a session with a big payload, but I can't reproduce it.
URL to code causing the issue
No response
MCVE
Steps to reproduce
Screenshots
No response
Logs
No response
Litestar Version
2.8.2
Platform
WSL 2.1.5.0 + Ubuntu 22.04