CSRF fails after relogin #77

Closed
samdark opened this issue Apr 1, 2020 · 7 comments

Member

samdark commented Apr 1, 2020

  1. Login.
  2. Logout.
  3. Try to login again.

Expected to log in. Got CSRF protection responding with "Unprocessable entity".

samdark added the type:bug Bug label Apr 1, 2020

TiaNex-Com commented Apr 7, 2020

The session or $this->session->get('_csrf') was flushed after login.

$this->session->set($this->name, $token); set session failed.

Every time the class csrf is initialized with a new SessionInterface $session, the session is not the existing one.

Member Author

samdark commented Apr 7, 2020

Seems PHPSESSID cookie keeps its value after logout. If it's deleted, it works well.

Member Author

samdark commented Apr 7, 2020

Likely Session::destroy() is missing something.

@rustamwin
Member

It looks like SessionMiddleware is not working properly after yiisoft/yii-web@4876355

Member Author

samdark commented Apr 7, 2020

Likely. Want to dig it more?

Member Author

samdark commented Apr 8, 2020

yiisoft/yii-web#240

samdark closed this as completed Apr 8, 2020
@TiaNex-Com

Thank you.
