Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Session expire_browser_on_session_close doesn't work with cookie consent #4227

Open
robinsowell opened this issue Apr 12, 2024 · 0 comments · May be fixed by #4241
Open

Session expire_browser_on_session_close doesn't work with cookie consent #4227

robinsowell opened this issue Apr 12, 2024 · 0 comments · May be fixed by #4241
Labels
Bug: Accepted Bug has been confirmed, is reproducible, and ready to work on.

Comments

@robinsowell
Copy link
Contributor

Configuration override should cause session cookies to expire on close, and I couldn't figure out why it wasn't working.

Looks like in Input class

        // check the cookie setting for expiration date
        if (is_numeric($data['expire'])) {
            $loadedCookieSettings = ee('CookieRegistry')->getCookieSettings($name);
            if (!empty($loadedCookieSettings)) {
			
			log_message('error', 'input first: ' . ' - ' . $data['expire']);
				
                if ($loadedCookieSettings['cookie_lifetime'] === null) {
                    $cookieSettings = ee('Model')->get('CookieSetting')->filter('cookie_name', $name)->first();
                    $cookieSettings->cookie_lifetime = $data['expire'];
                    $cookieSettings->save();
                    ee('CookieRegistry')->registerCookieSettings($cookieSettings);
                } else {
                    if (is_numeric($loadedCookieSettings['cookie_lifetime'])) {
                        $data['expire'] = ($loadedCookieSettings['cookie_enforced_lifetime'] !== null) ? $loadedCookieSettings['cookie_enforced_lifetime'] : $loadedCookieSettings['cookie_lifetime'];
                    }
                }
				
				log_message('error', 'input second: ' . ' - ' . $data['expire'] . ' _ ' . $data['name']);
            }
        }

That's overriding it with whatever is set in the cookie register settings.

Since you can set the duration in the cookie settings, seems like we should probably just remove this on? Possibly logging it as deprecated so they'll know what's happening if it was working prior to an upgrade and now doesn't.
@robinsowell robinsowell added the Bug: Accepted Bug has been confirmed, is reproducible, and ready to work on. label Apr 12, 2024
intoeetive added a commit that referenced this issue Apr 15, 2024
@intoeetive
Resolved #4227 where expire_session_on_browser_close config overrid…
cae9a6f 
…e was not always respected
@intoeetive intoeetive linked a pull request Apr 15, 2024 that will close this issue
Open
intoeetive added a commit that referenced this issue Apr 15, 2024
@intoeetive
Resolved #4227 where expire_session_on_browser_close config overrid…
f27ae6b 
…e was not always respected
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug: Accepted Bug has been confirmed, is reproducible, and ready to work on.
Projects
None yet
Milestone
No milestone
1 participant
@robinsowell