Symfony 4 / PHP 7.2 expert for 1 day to fix session bug
£300 (approx. $376)
- Posted:
- Proposals: 3
- Remote
- #2202798
- Awarded
Description
Experience Level: Expert
Estimated project duration: 1 day or less
To identify and fix a bug in an existing Symfony 4 website application where users are experiencing erratic PHP session behaviour, leading to failed logins and invalid CSRF tokens.
I recently upgraded from Symfony 3.4 to 4.2. There were a few issues during the server update. At first I had the session being stored in a file on the server, but then I changed this to being stored in the database. The issue I have is that some users are experiencing not being able to create a session. The effect being they can't log in, add items to the basket etc. Also CSRF tokens are affected as these are stored in the session. I can't recreate the problem.
My session config looks like this:
    session:
        cookie_domain: "%host%"
        cookie_httponly: true
        #handler_id: session.handler.native_file
        #save_path: "%kernel.root_dir%/../var/sessions/%kernel.environment%"
        handler_id: Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler
        cookie_secure: true
        gc_maxlifetime: 43200 #12 hours
        gc_probability: 1
        gc_divisor: 50
        cookie_lifetime: 0
It seems that if a user clears their browser cache then all is well again. However, I can't ask customers to do this. Could it be there is some stale session data in their browser that won't go away? If the user tries to log in, I can see a successful login in the DB, but they say they are not logged in.
This is only affecting some customers. I haven't been able to narrow it down to any specific browser or platform, but it does seem that most reports are for Chrome. If they try on another browser it then works.
If I try myself it works, and I can see the cookie PHPSESSID in my dev tools.
One thing I did try, as I thought maybe there were two conflicting PHPSESSID cookies (one with a preceding . on the domain and one not), was to add this bit of JavaScript to every page:
    document.cookie = "PHPSESSID=;Path=/;expires=Thu, 01 Jan 1970 00:00:01 GMT;";
This I think ensures that the duplicate is removed. However, it hasn't solved the problem.
Patrick L.
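The duplicate-cookie hypothesis in the description can be checked against a small model of a browser cookie store. This is an added example, not part of the posting or the site's code: the host `shop.example`, the cookie values and the helper names are hypothetical, and the model assumes cookies are identified by name, domain, host-only flag and path, and that script writes cannot touch HttpOnly cookies.

```javascript
// Simplified browser cookie store, constructed for illustration. Assumptions:
// identity = name + domain + host-only flag + path; scripts cannot write HttpOnly.
const HOST = "shop.example"; // hypothetical host, not from the page
const PAST = "Thu, 01 Jan 1970 00:00:01 GMT";
function parseCookie(str) {
  const [pair, ...attrs] = str.split(";").map((s) => s.trim()).filter(Boolean);
  const eq = pair.indexOf("=");
  const c = { name: pair.slice(0, eq), value: pair.slice(eq + 1), domain: HOST,
              hostOnly: true, path: "/", httpOnly: false, expired: false };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=");
    const key = k.trim().toLowerCase();
    if (key === "domain") { c.domain = v.trim().replace(/^\./, ""); c.hostOnly = false; }
    else if (key === "path") c.path = v.trim();
    else if (key === "httponly") c.httpOnly = true;
    else if (key === "expires") c.expired = Date.parse(v) <= Date.now();
  }
  return c;
}

// fromScript = true models document.cookie; false models a Set-Cookie header.
function store(jar, str, fromScript = false) {
  const c = parseCookie(str);
  const same = (o) => o.name === c.name && o.domain === c.domain &&
                      o.hostOnly === c.hostOnly && o.path === c.path;
  const old = jar.find(same);
  if (fromScript && (c.httpOnly || (old && old.httpOnly))) return jar; // ignored
  const rest = jar.filter((o) => !same(o));
  return c.expired ? rest : [...rest, c];
}
const cookieHeader = (jar) => jar.map((c) => `${c.name}=${c.value}`).join("; ");

function scenario() {
  let jar = [];
  // Constructed: host-only cookie left from before cookie_domain was set.
  jar = store(jar, "PHPSESSID=old; Path=/; HttpOnly; Secure");
  // Constructed: cookie issued once cookie_domain is configured.
  jar = store(jar, `PHPSESSID=new; Domain=.${HOST}; Path=/; HttpOnly; Secure`);
  const before = cookieHeader(jar);
  // The script line from the post: no Domain, and the target is HttpOnly.
  jar = store(jar, `PHPSESSID=;Path=/;expires=${PAST};`, true);
  const afterScript = cookieHeader(jar);
  // Expiring both variants from the server side with Set-Cookie headers.
  jar = store(jar, `PHPSESSID=; Path=/; Expires=${PAST}`);
  jar = store(jar, `PHPSESSID=; Domain=.${HOST}; Path=/; Expires=${PAST}`);
  return { before, afterScript, afterHeaders: cookieHeader(jar) };
}
console.log(scenario());
```

In this model the request still carries two `PHPSESSID` values after the script write, and only the two server-sent expiries, one per domain variant, empty the store.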