Details
Description
Anytime I try to access a Content Object for the third time (3 clicks in content tree, or Open->edit->publish->open again) I'm getting logged out of the Ibexa Admin.
On Ibexa 3.3.x it happens on requesting
GET /admin/notifications/count HTTP/1.1
On Ibexa 4.4 it happens on requesting the User Avatar:
…user/default_profile_image/initials.svg?initials=MS#profile_image
Subsequently /load-subtree and /graphql fail with a "not authorized" response, as well as a redirect to /login.
Refreshing the page redirects to /login as well.
On 3.3., after loggin in again, accessing the content-tree is not possible anymore, unless cookies and cache are cleared in the browser.
It only happens on Safari.
It only happens with activated browser cache.
Disabling browser cache in Safari's Dev-Tools prevents the issue from happening completely.
Same goes for using an Incognito window.
On the first two requests the request headers are fine:
GET /admin/notifications/count HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate, br Accept-Language: de-DE,de;q=0.9 Authorization: Basic ZG9lcmtlbjpTUmQ0dzdVUg== Cache-Control: no-cache Connection: keep-alive Cookie: eZSESSID=8vtcuqc7lkmf2kn1tcvvrq6ata Host: ******* Pragma: no-cache Referer: ******************* Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.4 Safari/605.1.15 X-Requested-With: XMLHttpRequest *no* further _formatting_ is done here
On the failing request the browser only sends:
GET /admin/notifications/count Accept: */* Referer: *********** Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.4 Safari/605.1.15 X-Requested-With: XMLHttpRequest
Unfortunately I could not reproduce the error on a clean installation.
Do you have any Ideas what might be the cause to this?
Thanks
David