Session's cookie domain (and possibly other attributes) is not handled (set) properly in some cases #121

Closed
smuuf opened this issue Mar 16, 2017 · 2 comments

@smuuf smuuf commented Mar 16, 2017

  • Bug report? yes
  • Feature request? no
  • Version: discovered in v2.3.8 (still present in v2.4.4)

Description

If the Nette\Http\Session instance is configured using camelCase-styled option names, e.g. cookiePath, cookieDomain, etc. (as presented in the docs: https://doc.nette.org/cs/2.3/sessions), and the client does this:

  1. (new request)
  2. Set up the Session instance
    • Either with $session->setOptions(["cookieDomain" => ".domain.com"])
    • Or in Nette framework using .neon config
  3. Start the session (do not output anything yet)
  4. Close the session (do not output anything yet)
  5. Start the session again (we should be able to, we did not send any output yet)

The Nette\Http\Response's setCookie() method is being fired twice (and that's ok). But: the second call does NOT send the cookie's domain property properly - it is empty (as in PHP's default).

If the Nette\Http\Session instance is configured using underscore_case-styled option names (e.g. cookie_path, cookie_domain), everything works fine.

Steps To Reproduce

Minimum reproduction code: sessions_bug.zip

Expected behaviour

"Correct" (workaround-y) options:

$optionsOK = [
	"cookie_path" => "/",
	"cookie_domain" => ".domainok.com",
];

Expected output:

$ php index.php
Array
(
    [name] => PHPSESSID
    [value] => 3aeue4lsjhrhqs8de8ao8ilbp0
    [time] => 0
    [path] => /
    [domain] => .domainok.com
    [secure] =>
    [httpOnly] => 1
)

Array
(
    [name] => PHPSESSID
    [value] => fgas2ttl3eku0ns6eth8c39r97
    [time] => 0
    [path] => /
    [domain] => .domainok.com
    [secure] =>
    [httpOnly] => 1
)

Actual behaviour:

Options:

$optionsBug = [
	"cookiePath" => "/",
	"cookieDomain" => ".domainbug.com",
];

Output:

$ php index.php
Array
(
    [name] => PHPSESSID
    [value] => n441tegtvgc2u87j8jkmkvt4o1
    [time] => 0
    [path] => /
    [domain] => .domainbug.com
    [secure] =>
    [httpOnly] => 1
)

Array
(
    [name] => PHPSESSID
    [value] => 3k8ercr7pe42ln86l9kn2t6836
    [time] => 0
    [path] => /
    [domain] =>
    [secure] =>
    [httpOnly] => 1
)
@dg dg closed this in c2a627f Mar 16, 2017
dg added a commit that referenced this issue Mar 16, 2017
… of configure() [Closes #121]
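
A check for the symptom reported above, as an added example that is not part of the original report and not Nette's own code: it parses Set-Cookie header values and flags session cookies whose Domain attribute is missing or differs from the configured one. The function names and the sample header lines are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Parse one Set-Cookie header value into its name, value and lower-cased attributes.
function parseSetCookie(string $header): array
{
    $parts = array_map('trim', explode(';', $header));
    [$name, $value] = array_pad(explode('=', array_shift($parts), 2), 2, '');
    $attrs = [];
    foreach ($parts as $part) {
        if ($part === '') {
            continue;
        }
        [$key, $val] = array_pad(explode('=', $part, 2), 2, '');
        $attrs[strtolower(trim($key))] = trim($val);
    }
    return ['name' => trim($name), 'value' => $value, 'attrs' => $attrs];
}

// Describe every session cookie whose Domain attribute is missing or unexpected.
function findDomainMismatches(array $headers, string $sessionName, string $expectedDomain): array
{
    $problems = [];
    foreach ($headers as $i => $header) {
        $cookie = parseSetCookie($header);
        if ($cookie['name'] !== $sessionName) {
            continue; // not the session cookie
        }
        $domain = $cookie['attrs']['domain'] ?? '';
        // A leading dot in Domain is ignored by browsers, so compare without it.
        if (strcasecmp(ltrim($domain, '.'), ltrim($expectedDomain, '.')) !== 0) {
            $problems[] = sprintf('header #%d: domain "%s", expected "%s"', $i, $domain, $expectedDomain);
        }
    }
    return $problems;
}

// Constructed sample mirroring the "Actual behaviour" output of the report,
// plus one unrelated cookie that the check must skip.
$headers = [
    'PHPSESSID=n441tegtvgc2u87j8jkmkvt4o1; path=/; domain=.domainbug.com; HttpOnly',
    'lang=cs; path=/',
    'PHPSESSID=3k8ercr7pe42ln86l9kn2t6836; path=/; HttpOnly',
];
print_r(findDomainMismatches($headers, 'PHPSESSID', '.domainbug.com'));
```

Run over the Set-Cookie headers captured from a response after a start, close, start sequence, the check reports the second PHPSESSID header when the domain is dropped.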
@dg dg commented Mar 16, 2017

Thanks for the great written report.

@smuuf smuuf commented Mar 16, 2017

Well, thanks to you, too, for fixing it. I was tracking this thing for three days straight, since our users weren't - in some cases - able to log in after the update from Nette 2.0 to 2.3.

I'm glad I finally figured it out and that I was able to help you to fix it. :)
