eZ Publish / Platform, EZP-29814

eZSESSID cookie is set twice after logging in to Back Office

    Details

      Description

      After logging into the Back Office without any cookies set and with Redis as the session handler, the eZSESSID cookie is set twice.

      Steps to reproduce:
      1. Clean installation of eZ Platform v2 + Redis server
      2. Apache + libapache2-mod-php (It will not reproduce on nginx or mod_fcgi!)
      3. In default_parameters.yml set (you may need to change save_path to match your Redis config):

      ezplatform.session.save_path: 'tcp://localhost:6379'
      ezplatform.session.handler_id: ezplatform.core.session.handler.native_redis
      

      4. Clear cache
      5. Go to the Backoffice login page, don't log in yet.
      6. Open browser devtools and delete all cookies.
      7. Log into the Backoffice.

      Result:
      The login_check request returns response headers (example) with the cookie set twice:

      Set-Cookie: eZSESSID21232f297a57a5a743894a0e4a801fc3=t6frat2ovajf4ku864ue43rg68; path=/; HttpOnly
      Set-Cookie: eZSESSID21232f297a57a5a743894a0e4a801fc3=b7jtqnhfc0g5idui2kdtqpuftc; path=/; HttpOnly
      Set-Cookie: eZSESSID98defd6ee70dfb1dea416cecdf391f58=b7jtqnhfc0g5idui2kdtqpuftc; path=/; httponly

      Expected result:
      A session cookie is only set once.
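
A check for the condition reported above, as an added example that is not part of the original issue or of eZ Platform's code: it parses the Set-Cookie lines from the description, groups them by name, domain and path, and reports any cookie set more than once together with the value a browser ends up keeping. The function names are illustrative.

```python
from collections import defaultdict

# Response headers copied from the issue description above.
LOGIN_CHECK_HEADERS = """\
Set-Cookie: eZSESSID21232f297a57a5a743894a0e4a801fc3=t6frat2ovajf4ku864ue43rg68; path=/; HttpOnly
Set-Cookie: eZSESSID21232f297a57a5a743894a0e4a801fc3=b7jtqnhfc0g5idui2kdtqpuftc; path=/; HttpOnly
Set-Cookie: eZSESSID98defd6ee70dfb1dea416cecdf391f58=b7jtqnhfc0g5idui2kdtqpuftc; path=/; httponly
"""


def parse_set_cookie(line):
    """Return (name, value, attrs) for one Set-Cookie header line, else None."""
    field, sep, rest = line.partition(":")
    if not sep or field.strip().lower() != "set-cookie":
        return None
    pair, *attr_parts = rest.split(";")
    name, eq, value = pair.strip().partition("=")
    if not eq or not name:
        return None
    attrs = {}
    for part in attr_parts:
        key, _, val = part.strip().partition("=")
        if key:
            attrs[key.lower()] = val.strip()  # attribute names are case-insensitive
    return name, value, attrs


def audit_set_cookies(raw_headers):
    """Group cookies by (name, domain, path) and report keys set more than once."""
    seen = defaultdict(list)
    for line in raw_headers.splitlines():
        parsed = parse_set_cookie(line)
        if parsed:
            name, value, attrs = parsed
            key = (name, attrs.get("domain", "").lower(), attrs.get("path", ""))
            seen[key].append(value)
    findings = []
    for (name, domain, path), values in seen.items():
        if len(values) > 1:
            # A later Set-Cookie with the same name, domain and path overwrites the earlier one.
            findings.append({"name": name, "path": path, "count": len(values),
                             "kept": values[-1], "discarded": values[:-1]})
    return findings


if __name__ == "__main__":
    for finding in audit_set_cookies(LOGIN_CHECK_HEADERS):
        print(finding)
```

Run against a captured login_check response, an empty result means each session cookie was set once, which is the expected result stated in the issue.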

        Activity

        Mateusz Bieniek created issue -
        Mateusz Bieniek made changes -
        Field Original Value New Value
        Link This issue relates to CS-7024 [ CS-7024 ]
        Mateusz Bieniek made changes -
        Status Open [ 1 ] Confirmed [ 10037 ]
        Mateusz Bieniek made changes -
        Status Confirmed [ 10037 ] InputQ [ 10001 ]
        Kamil Madejski made changes -
        Assignee Kamil Madejski [ kamil.madejski@ez.no ]
        Kamil Madejski made changes -
        Affects Version/s 2.4.0 [ 15091 ]
        Kamil Madejski made changes -
        Assignee Kamil Madejski [ kamil.madejski@ez.no ]
        Status InputQ [ 10001 ] Closed [ 6 ]
        Resolution Fixed [ 1 ]

          People

          • Assignee:
            Unassigned
            Reporter:
            Mateusz Bieniek