Version 1.4 not backwards compatible

[leofeyer]

Using Contao 4.4 with version 1.4 of the header-replay-bundle breaks Contao's autologin functionality, therefore I assume that version 1.4 is not backwards compatible?

[Toflar]

Imho it's fully BC, please provide more info.

[leofeyer]

• Install Contao 4.4 with version 1.3 of the header replay bundle.
• Log in in the front end and create an autologin cookie.
• Update to version 1.4 of the header replay bundle.
• Make sure the PHP session cookie is gone (e.g. log out of the back end).
• Open the front end.

Expected: I am logged in automatically.
Actual: I am not logged in automatically.

[leofeyer]

In case it helps: if I reload the page twice (meaning upon the third request), I am actually logged in automatically with version 1.4. With version 1.3 I am logged in automatically upon the first request.

[aschempp]

Most likely because the user is authenticated but the authentication cookie is lost in the preflight request :-(

[Toflar]

The cookie is not lost, it's replayed onto the second request.

[aschempp]

Is it? If the initial request was not successful?

[Toflar]

Of course not, then it's just passed on to the application, not a problem of the bundle anymore.

[Toflar]

I don't think there's ever been a BC break here but I've adjusted the way cookies are replayed in 1f1f504 so the upcoming 1.4.2 might fix your issue.

[Toflar]

I tried to reproduce, works perfectly fine in both versions, 1.4.1 as well as the current 1.4.2 hotfix.

[Toflar]

Even 1.4.0 works.

[joeherold]

@Toflar works, no problem so far with Contao 4.4.13 and "terminal42/header-replay-bundle": "dev-hotfix/1.4.2 as 1.3.2"

[joeherold]

ups, my auto login page runs on a different subdomain. so this will not reproduce the issue described by @leofeyer

[leofeyer]

Now it works with version 1.4.1 on my system, too. WTF?

[Toflar]

Ok, releasing then :-)