
Conversation

@alexander-schranz alexander-schranz commented Sep 2, 2024

| Q | A |
| --- | --- |
| Bug fix? | no |
| New feature? | yes |
| BC breaks? | no |
| Deprecations? | no |
| Fixed tickets | fixes #issuenum |
| Related issues/PRs | #issuenum |
| License | MIT |
| Documentation PR | sulu/sulu-docs#prnum |

What's in this PR?

Use a shared session cookie between admin and website.

Why?

Depending on which cookies already exist, and on logging into admin after the website or the other way around, you might get logged out of the other session, because the session gets invalidated by a login.

After trying some different options with our partner iCapps (@matthiasseghers), I find that sharing the session on the same path and optionally documenting the invalidate_session config is the way to go.

Historically we set the cookie_path differently to avoid the same issue, but it did not work in all cases. Also, previously we had 2 different security.yaml files, so the website yaml didn't know about the admin yaml security config, and that also forced us into different ways. With the move to a single security yaml, I also think nothing speaks against a single session now.

I would also prepare a 3.0 merge request to no longer prepend the cookie_path in 3.0 in: https://github.com/sulu/sulu/blob/9ee10853304f2dc39e84a3a91da8e3e193d74391/src/Sulu/Bundle/SecurityBundle/DependencyInjection/SuluSecurityExtension.php#L182

@alexander-schranz alexander-schranz force-pushed the feature/shared-session-cookie branch from 51f64dd to 2707dcd Compare September 2, 2024 09:43
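
A configuration sketch of the setup discussed in this PR, added here as an illustration and not taken from the PR's diff or from Sulu's own files. It uses Symfony's `framework.session.cookie_path` and the firewall `logout.invalidate_session` option (default `true`, which makes a logout on one firewall destroy the session the other firewall also uses); the firewall names, patterns and route names are assumptions.

```yaml
# Constructed example: firewall names, URL patterns and logout route names
# are assumptions for illustration, not values from the pull request.

# config/packages/framework.yaml
framework:
    session:
        # One cookie for the whole host, so admin and website requests
        # resolve to the same server-side session.
        cookie_path: /
        # The cookie is now sent on every path of the site, so keep the
        # transport and cross-site restrictions explicit.
        cookie_secure: auto
        cookie_httponly: true
        cookie_samesite: lax

# config/packages/security.yaml
security:
    firewalls:
        admin:
            pattern: ^/admin(\/|$)
            lazy: true
            logout:
                path: app_admin_logout      # hypothetical route name
                # Default is true: logging out here would invalidate the
                # shared session and end the website login with it.
                # With false, only this firewall's token is removed.
                invalidate_session: false
        website:
            pattern: ^/
            lazy: true
            logout:
                path: app_website_logout    # hypothetical route name
                # Set on every firewall that shares the session.
                invalidate_session: false
```

With `invalidate_session: false`, other data stored in the session survives a logout, so anything tied to the logged-out user has to be cleared explicitly.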

Labels

enhancement New feature or request


2 participants