Details
Bug
Resolution: Fixed
High
2.3.2, 2.4.0
None
Description
After logging into the Back Office without any cookies set and with Redis as the session handler, the eZSESSID cookie is set twice.
Steps to reproduce:
1. Clean installation of eZ Platform v2 + Redis server
2. Apache + libapache2-mod-php (It will not reproduce on nginx or mod_fcgi!)
3. In default_parameters.yml set (you may need to change save_path to match your Redis config):
ezplatform.session.save_path: 'tcp://localhost:6379'
ezplatform.session.handler_id: ezplatform.core.session.handler.native_redis
4. Clear cache
5. Go to the Backoffice login page, don't log in yet.
6. Open browser devtools and delete all cookies.
7. Log into the Backoffice.
Result:
The login_check request returns response headers (example) with the cookie set twice:
Set-Cookie: eZSESSID21232f297a57a5a743894a0e4a801fc3=t6frat2ovajf4ku864ue43rg68; path=/; HttpOnly
Set-Cookie: eZSESSID21232f297a57a5a743894a0e4a801fc3=b7jtqnhfc0g5idui2kdtqpuftc; path=/; HttpOnly
Set-Cookie: eZSESSID98defd6ee70dfb1dea416cecdf391f58=b7jtqnhfc0g5idui2kdtqpuftc; path=/; httponly
Expected result:
A session cookie is only set once.
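
A regression check for the expected result, as an added example that is not part of the original report or of eZ Platform: it walks a response's headers as an ordered list and reports every cookie (same name, domain and path) that is set more than once. The function names and the Content-Type filler header are assumptions; the Set-Cookie values are the ones quoted under "Result".

```python
from collections import defaultdict

# Constructed sample: the Set-Cookie lines quoted in the report, plus one filler header.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=UTF-8"),
    ("Set-Cookie", "eZSESSID21232f297a57a5a743894a0e4a801fc3=t6frat2ovajf4ku864ue43rg68; path=/; HttpOnly"),
    ("Set-Cookie", "eZSESSID21232f297a57a5a743894a0e4a801fc3=b7jtqnhfc0g5idui2kdtqpuftc; path=/; HttpOnly"),
    ("Set-Cookie", "eZSESSID98defd6ee70dfb1dea416cecdf391f58=b7jtqnhfc0g5idui2kdtqpuftc; path=/; httponly"),
]


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    pair, _, rest = value.partition(";")
    name, sep, cookie_value = pair.partition("=")
    if not sep or not name.strip():
        raise ValueError("malformed Set-Cookie header: %r" % value)
    attrs = {}
    for part in rest.split(";"):
        part = part.strip()
        if part:
            key, _, attr_value = part.partition("=")
            attrs[key.strip().lower()] = attr_value.strip()  # attribute names are case-insensitive
    return name.strip(), cookie_value.strip(), attrs


def duplicate_cookies(headers):
    """Return {(name, domain, path): [values in header order]} for cookies set more than once.

    `headers` must be an ordered list of (header_name, header_value) pairs.
    A dict or cookie jar would keep only the last value and hide the duplicate.
    """
    seen = defaultdict(list)
    for header_name, header_value in headers:
        if header_name.lower() != "set-cookie":
            continue
        name, cookie_value, attrs = parse_set_cookie(header_value)
        scope = (name, attrs.get("domain", "").lower(), attrs.get("path", ""))
        seen[scope].append(cookie_value)
    return {scope: values for scope, values in seen.items() if len(values) > 1}


if __name__ == "__main__":
    for (name, domain, path), values in duplicate_cookies(SAMPLE_HEADERS).items():
        print("%s (path=%s) set %d times: %s" % (name, path, len(values), ", ".join(values)))
```

Against a live response, pass the header list from a client that preserves repeated headers, for example `http.client.HTTPResponse.getheaders()`.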