Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Resolved #4227 where expire_session_on_browser_close config override was not always respected #4241

Open
wants to merge 2 commits into
base: 7.dev
Choose a base branch
from
Open

Resolved #4227 where expire_session_on_browser_close config override was not always respected #4241

wants to merge 2 commits into from

Conversation

intoeetive
Copy link
Contributor

@intoeetive intoeetive commented Apr 15, 2024
edited
Loading

Resolved #4227 where expire_session_on_browser_close config override was not always respected

EE7 version of #4242

@intoeetive intoeetive added this to the 7.x milestone Apr 15, 2024
@intoeetive intoeetive added the Bug: Accepted Bug has been confirmed, is reproducible, and ready to work on. label Apr 15, 2024
@intoeetive intoeetive mentioned this pull request Apr 15, 2024
Open
@intoeetive intoeetive modified the milestones: 7.x, 7.4.7 Apr 15, 2024
robinsowell
robinsowell reviewed Apr 15, 2024
View reviewed changes
Copy link
Contributor

@robinsowell robinsowell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So it's weird, but it doesn't seem to do anything with regard to the session expiration. Also.... wouldn't this skip the cookie registry check for all cookies, not just sessions. I'm pretty sure it's only that session cookie that's supposed to be affected by the setting.

@robinsowell
Copy link
Contributor

Also... the more I think on it, the more I start to lean toward removing it entirely. We can manage the session cookie length in the cookie settings now, which I believe would keep it in line with the cookie consents. Which it... probably should be? Though granted, the setting can only make it more private, not less.

Weird that didn't fix it, though. But it definitely didn't for me.

@intoeetive
Copy link
Contributor Author

Right, you could just set the value to 0 and that will do it.

@bryannielsen bryannielsen modified the milestones: 7.4.7, 7.4.8 Apr 15, 2024
@intoeetive
Copy link
Contributor Author

@robinsowell upon further thinking, I think we still need to make override work for sake of upgraded sites.

Please check the new version I just pushed

@bryannielsen bryannielsen modified the milestones: 7.4.8, 7.4.9 Apr 18, 2024
@robinsowell
Copy link
Contributor

I'm not sure why, but it still doesn't seem to be working.

Screenshot 2024-04-22 at 1 26 55 PM

$config['expire_browser_on_session_close'] = 'y';

I tried logging into the backend, logging into the frontend- both running cookies only for session setting. Running EE 7.4.8, I even grabbed a fresh system/ee folder, then dropped the new file into that.

@bryannielsen bryannielsen modified the milestones: 7.4.9, 7.4.10 Apr 22, 2024
@bryannielsen bryannielsen modified the milestones: 7.4.10, 7.x May 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@robinsowell robinsowell robinsowell left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@robinsowell robinsowell

Labels
Bug: Accepted Bug has been confirmed, is reproducible, and ready to work on.
Projects
None yet
Milestone
7.x
Development

Successfully merging this pull request may close these issues.

Session expire_browser_on_session_close doesn't work with cookie consent
3 participants
@intoeetive @robinsowell @bryannielsen