Change cookie key in CE #4621

ruslandoga · 2024-09-25T16:33:24Z

What is happening (probably):

after POST /login browsers store two cookies, legacy-session one for .<domain> and new-session one for <domain> for the same key
(some?) browsers put legacy-session cookie first in the cookie header
Plug uses maps, so only one _plausible_prod cookie gets in, and in the current implementation, it's the first one that appears in the cookie header
if legacy-session cookie ends up in the session map, auth plugs fail and redirect back to /login

This PR just changes the cookie key to _plausible_key so that there wouldn't be any conflicts.

github-actions · 2024-09-26T07:08:37Z

Preview environment👷🏼‍♀️🏗️
PR-4621

ruslandoga requested a review from a team September 25, 2024 16:33

use default sessions options in ce

f6b2ad5

ruslandoga force-pushed the change-cookie-key-in-ce branch from 1161e61 to f6b2ad5 Compare September 25, 2024 16:42

there is no RuntimeSessionAdapter anymore

08d1fea

ruslandoga changed the title ~~Use default sessions options in CE~~ Change cookie key in CE Sep 25, 2024

ruslandoga mentioned this pull request Sep 25, 2024

TOTP Crash after upgrading to 2.1.2 #4619

Closed

2 tasks

zoldar added the preview label Sep 26, 2024

zoldar approved these changes Sep 26, 2024

View reviewed changes

ruslandoga mentioned this pull request Sep 26, 2024

After upgrade to 2.1.2 login fails plausible/community-edition#158

Closed

ruslandoga added this pull request to the merge queue Sep 26, 2024

Merged via the queue into master with commit 356f50e Sep 26, 2024
12 checks passed

ruslandoga deleted the change-cookie-key-in-ce branch September 26, 2024 10:36

Provide feedback