Description
The current code storing the userhash in a cache uses the whole set of the cookies sent by the user to create the key.
This poses 2 problems:
1. apps which change frequently the value of the cookies, such as analytics tools (ezreco, odoscope) will cause the userhash to be recalculated frequently and saved multiple times in the cache for the same user
2. if an ezpublish installation is hosting many siteaccesses using the same domain, then the userhash calculated based on the user cookies will be only 1, while there should be a separate userhash saved for each siteaccess
Attachments
Issue Links
- relates to
-
EZP-22005 REST API: when using sessions, is_logged_in cookie is always set for top-level domain, not for site root dir
- Closed
-
EZP-22010 Clarify known issues with user-hash cache with multi-site on same domain
- Closed
-
EZP-22045 As a developer, I want user login to be fully handled by Symfony stack
- Closed
-
EZP-22006 Add a configurable cookie whitelist to user hash generation
- Closed
-
EZP-22318 Make Symfony session options siteaccess aware
- Closed
-
EZP-22220 Session creation in REST API doesn't use Symfony SecurityContext
- Closed
- links to