Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use at most one valid session cookie per request #1581

Merged
merged 1 commit into from Feb 11, 2019

Conversation

Projects
None yet
2 participants
@nytopop
Copy link
Contributor

nytopop commented Feb 10, 2019

Makes loadClientSession ignore all sessions in a request if more than a single session cookie decodes successfully. The prior behavior was to merge all valid session cookies' values.

Bumps version to 1.6.11.1.

Not sure if this counts as a bugfix or breaking change that would require 1.7.

Closes #994, I figured after 3 years it's probably fair game 馃檪. Feel free to close if you don't think this change is warranted anymore.

Before submitting your PR, check that you've:

  • Bumped the version number

After submitting your PR:

  • Update the Changelog.md file with a link to your PR
  • Check that CI passes (or if it fails, for reasons unrelated to your change, like CI timeouts)

@nytopop nytopop force-pushed the nytopop:no-multi-session-cookies branch from ab04a96 to 53cc1e1 Feb 10, 2019

@snoyberg
Copy link
Member

snoyberg left a comment

Minor comment on the version number, otherwise LGTM. Thanks!

@@ -1,5 +1,5 @@
name: yesod-core
version: 1.6.11
version: 1.6.11.1

This comment has been minimized.

Copy link
@snoyberg

snoyberg Feb 10, 2019

Member

This should be a minor version bump, to 1.6.12, since it does affect behavior.

This comment has been minimized.

Copy link
@nytopop

nytopop Feb 11, 2019

Author Contributor

Fixed 馃憤 and rebased to fix the commit message.

Use at most one valid session cookie per request
Makes `loadClientSession` ignore all sessions in a request if more than
a single session cookie decodes successfully. The prior behavior was to
merge all valid session cookies' values.

Bumps version to 1.6.12

@nytopop nytopop force-pushed the nytopop:no-multi-session-cookies branch from 53cc1e1 to 70b730c Feb 11, 2019

@snoyberg snoyberg merged commit 90fa4d9 into yesodweb:master Feb 11, 2019

0 of 2 checks passed

continuous-integration/appveyor/pr Waiting for AppVeyor build to complete
Details
continuous-integration/travis-ci/pr The Travis CI build is in progress
Details
@snoyberg

This comment has been minimized.

Copy link
Member

snoyberg commented Feb 11, 2019

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can鈥檛 perform that action at this time.