New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cookie gets set on 404 responses #2357

Closed
michael-e opened this Issue Feb 21, 2015 · 5 comments

Comments

Projects
None yet
3 participants
@michael-e
Member

michael-e commented Feb 21, 2015

On successful responses (status 200) Symphony does not set cookies if it is not necessary (i.e. if there is no session data).

But when a 404 response is sent by Symphony, there will be a cookie set. The corresponding response header will look like:

Set-Cookie: PHPSESSID=328obld6vdphsqndsgf5bt34o5; expires=Sat, 07-Mar-2015 09:24:59 GMT; path=/; HttpOnly

You can test this in a terminal window using curl:

curl -I http://example.com/non-existent-page/

I verified this issue with the latest integration code and an older Symphony 2.3.6 install — so obviously this behaviour is not new.

@michael-e

This comment has been minimized.

Show comment
Hide comment
@michael-e

michael-e Feb 21, 2015

Member

I should add that the cookie gets set no matter if you use a dedicated 404 page or Symphony's generic error page.

Member

michael-e commented Feb 21, 2015

I should add that the cookie gets set no matter if you use a dedicated 404 page or Symphony's generic error page.

@nitriques

This comment has been minimized.

Show comment
Hide comment
@nitriques

nitriques Feb 21, 2015

Member

Hum that's not cool. Will check.

Member

nitriques commented Feb 21, 2015

Hum that's not cool. Will check.

@brendo

This comment has been minimized.

Show comment
Hide comment
@brendo

brendo Feb 22, 2015

Member

Interesting. This is likely because a 404 is raised as an Exception, and thereby handled by the error handler, not the usual launcher. The usual launcher has some code to cleanup cookies and the like, whereas the exception handler does not. It simply outputs the header and exception content.

All fixed now.

Member

brendo commented Feb 22, 2015

Interesting. This is likely because a 404 is raised as an Exception, and thereby handled by the error handler, not the usual launcher. The usual launcher has some code to cleanup cookies and the like, whereas the exception handler does not. It simply outputs the header and exception content.

All fixed now.

@brendo brendo self-assigned this Feb 22, 2015

@brendo brendo added this to the 2.6.0 milestone Feb 22, 2015

@michael-e

This comment has been minimized.

Show comment
Hide comment
@michael-e

michael-e Feb 22, 2015

Member

Confirmed, thanks a lot!

Member

michael-e commented Feb 22, 2015

Confirmed, thanks a lot!

@michael-e michael-e closed this Feb 22, 2015

@nitriques

This comment has been minimized.

Show comment
Hide comment
@nitriques

nitriques Feb 24, 2015

Member

Great!

Member

nitriques commented Feb 24, 2015

Great!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment