Session clearing after logout. Currently all session variables remain. My bad, it is there. But as sessions do not expire, they will remain if the user does not log out.
Proper session expiration handling. Currently it works under http, but not under https. Sessions are lost after a couple of seconds, probably some server configuration issue, so the session_ids are different and therefore $fp = $this->fingerprint(); returns a different value. It really should handle session expiration by itself.
It was actually my bug. I use php-crud-api with BasicAuth and made some ajax requests against it from the Pico site. But what happens is a session conflict: PicoUsers sets a PHPSESSID cookie, php-crud-api sets a PHPSESSID cookie and later rewrites it in the browser, and the PicoUsers session gets lost. It works under http, as php-crud-api was defined as https, so for the browser it was a CORS situation, and no cookie was set.
I already made a ticket to php-crud-api and it is already solved: mevdschee/php-crud-api#600
Here also, perhaps you should consider setting a different session_name to avoid session conflicts. It could be hard-coded 'PicoUsers' or taken from configuration.
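
The session_name suggestion and the expiration and logout points raised in this issue, sketched as an added example (not PicoUsers or php-crud-api code). The function names, the 30-minute idle limit and the cookie flags are assumptions; the array form of the cookie options needs PHP 7.3 or later.

```php
<?php
// Added example: hypothetical helpers, not part of PicoUsers or php-crud-api.
const APP_SESSION_NAME = 'PicoUsers'; // name suggested in the issue; could come from config
const IDLE_TIMEOUT     = 1800;        // assumed idle limit, in seconds

function start_app_session(): void
{
    // A distinct cookie name means another PHP app on the same host that
    // still uses the default PHPSESSID can no longer overwrite this session.
    session_name(APP_SESSION_NAME);
    session_set_cookie_params([
        'lifetime' => 0,              // browser-session cookie
        'path'     => '/',
        'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();

    // Server-side idle expiry: do not rely on the user logging out.
    $now = time();
    if (isset($_SESSION['last_seen']) && $now - $_SESSION['last_seen'] > IDLE_TIMEOUT) {
        $_SESSION = [];               // drop the stale login state
        session_regenerate_id(true);  // new id, old session data deleted
    }
    $_SESSION['last_seen'] = $now;
}

function end_app_session(): void
{
    // Logout: clear the variables, expire the cookie, destroy the stored data.
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();
}
```

Both helpers must run before any output is sent, since they set cookie headers.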