Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-29814

eZSESSID cookie is set twice after logging in to Back Office

    XMLWordPrintable

    Details

      Description

      After logging into the Back Office without any cookies set and Redis as a session handler the eZSESSID cookie is set twice.

      Steps to reproduce:
      1. Clean installation of eZ Platform v2 + Redis server
      2. Apache + libapache2-mod-php (It will not reproduce on nginx or mod_fcgi!)
      3. In default_parameters.yml set (you may to change save_path to match your Redis config):

      ezplatform.session.save_path: 'tcp://localhost:6379'
      ezplatform.session.handler_id: ezplatform.core.session.handler.native_redis
      

      4. Clear cache
      5. Go to the Backoffice login page, don't log yet.
      6. Open browser devtools and delete all cookies.
      7. Log into the Backoffice.

      Result:
      The login_check request return response headers (example) with cookie set twice:

      Set-Cookie: eZSESSID21232f297a57a5a743894a0e4a801fc3=t6frat2ovajf4ku864ue43rg68; path=/; HttpOnly
      Set-Cookie: eZSESSID21232f297a57a5a743894a0e4a801fc3=b7jtqnhfc0g5idui2kdtqpuftc; path=/; HttpOnly
      Set-Cookie: eZSESSID98defd6ee70dfb1dea416cecdf391f58=b7jtqnhfc0g5idui2kdtqpuftc; path=/; httponly

      Expected result:
      A session cookie is only set once.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            mateusz.bieniek@ez.no Mateusz Bieniek
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: