Hi,
I am seeing the fuelid cookie set 3 times in the http response header after a redirect.
Is it a bug or I am doing something wrong in the code?
I am pretty much just calling Response::redirect (the whole source code would be too long to send, but i will try a simple controller to try to reproduce this with a few lines of code).
e.g:
Response::redirect(Util::addCurrentQueryString(ABTesting::addVersionToUrl("/auth/newdevice")));
(the method calls inside the redirect() simply manipulate the url query string)
I am using the session driver 'file'.
http headers in the response looks like:
Set-Cookie:fuelfid=lYVNvKEBXp_x8bf-dcNYa3qwc3slZV1z8Pc_n5GrXQmoPhl_r_FNU-nkjp3HyrhLedO4MrahidzTyWbfPDXxC9Y-S5kwmoob3SiMZ73bsqRLN5A_YSsXnothN_WM0lq7E1P0wcz7xEBJRwHBJpKp2Ic6QKzxelD0qYpCJbWWfKZ6Hn_mUGNlwJ2SNZgaW6UOVK7Y7oJinqHTi_byRS3GJmb3GFVntHHRs4Qtf56moYvgeskw3kRIfoq1M6lLB5gQ7TSIE7rU2onUPg9r7_SYXTguOGP94FSp6zB_aBJ1rAFg1UFmcooetXIBErbjKywFZKIO2GeqD8GNs7NmdDKSnpZDktMsOowcpgD3xeT_3u_ISgLY7wASprC7q5kvUrFxzlABfGiVBuNR93TNLIYJSYA-htfzuX5N6ltGBVIDseWY1xqtH1tfQWDXIf-kgqmz900e3gp-d8pzlyYWLHJ4Z7E8HRpq2cviiRqYfqgi2inxMaxyOWWqyVNrlZFt1ySln1tbtCrgkskoVTZRU2ThhWNyUFBqbTJqeUZJcWZXU0o4ODZUeWdIbVg5TGdXNTRGUk9aYlZ0c0hjR2c; expires=Wed, 19-Sep-2012 04:15:24 GMT; path=/
Set-Cookie:fuelfid=lYVNvKEBXp_x8bf-dcNYa3qwc3slZV1z8Pc_n5GrXQmoPhl_r_FNU-nkjp3HyrhLedO4MrahidzTyWbfPDXxC9Y-S5kwmoob3SiMZ73bsqRLN5A_YSsXnothN_WM0lq7E1P0wcz7xEBJRwHBJpKp2Ic6QKzxelD0qYpCJbWWfKZ6Hn_mUGNlwJ2SNZgaW6UOVK7Y7oJinqHTi_byRS3GJmb3GFVntHHRs4Qtf56moYvgeskw3kRIfoq1M6lLB5gQ7TSIE7rU2onUPg9r7_SYXTguOGP94FSp6zB_aBJ1rAFg1UFmcooetXIBErbjKywFZKIO2GeqD8GNs7NmdDKSnpZDktMsOowcpgD3xeT_3u_ISgLY7wASprC7q5kvUrFxzlABfGiVBuNR93TNLIYJSYA-htfzuX5N6ltGBVIDseWY1xqtH1tfQWDXIf-kgqmz900e3gp-d8pzlyYWLHJ4Z7E8HRpq2cviiRqYfqgi2inxMaxyOWWqyVNrlZFt1ySln1tbtCrgkskoVTZRU2ThhWNyUFBqbTJqeUZJcWZXU0o4ODZUeWdIbVg5TGdXNTRGUk9aYlZ0c0hjR2c; expires=Wed, 19-Sep-2012 04:15:24 GMT; path=/
Set-Cookie:fuelfid=lYVNvKEBXp_x8bf-dcNYa3qwc3slZV1z8Pc_n5GrXQmoPhl_r_FNU-nkjp3HyrhLedO4MrahidzTyWbfPDXxC9Y-S5kwmoob3SiMZ73bsqRLN5A_YSsXnothN_WM0lq7E1P0wcz7xEBJRwHBJpKp2Ic6QKzxelD0qYpCJbWWfKZ6Hn_mUGNlwJ2SNZgaW6UOVK7Y7oJinqHTi_byRS3GJmb3GFVntHHRs4Qtf56moYvgeskw3kRIfoq1M6lLB5gQ7TSIE7rU2onUPg9r7_SYXTguOGP94FSp6zB_aBJ1rAFg1UFmcooetXIBErbjKywFZKIO2GeqD8GNs7NmdDKSnpZDktMsOowcpgD3xeT_3u_ISgLY7wASprC7q5kvUrFxzlABfGiVBuNR93TNLIYJSYA-htfzuX5N6ltGBVIDseWY1xqtH1tfQWDXIf-kgqmz900e3gp-d8pzlyYWLHJ4Z7E8HRpq2cviiRqYfqgi2inxMaxyOWWqyVNrlZFt1ySln1tbtCrgkskoVTZRU2ThhWNyUFBqbTJqeUZJcWZXU0o4ODZUeWdIbVg5TGdXNTRGUk9aYlZ0c0hjR2c; expires=Wed, 19-Sep-2012 04:15:24 GMT; path=/
I'll try to reproduce with a simple controller..
Laurent
That is odd, the cookie is set in Fuel's shutdown event, and should only be run once.
Let me know if you can reproduce it, and if you can, please post your test code on http://scrp.at so I can use that to test here.
I can reproduce two cookies, but not more.
Checked the code, if the session does not exist, the driver will create one (which will set a cookie), and the shutdown event will update the session, which sets another cookie. When the session exists, I don't see more than one cookie using your example. I tried file, db and cookie drivers.
After further debugging, i see:
- 3 cookies if the session did not exist before the request.
It looks like 2 cookies are set by the Event::shutdown triggered by the redirect and another one at the end when Event::shutdown is called again by bootstrap.php:
in more details:
-2 cookies set by Session_File->write(): one by calling Session_File->create(), and the other later in the same function by calling $this->_set_cookie();
- 1 cookies set at the end by a call to Event::shutdown in bootstrap.php (in register_shutdown_function()).
-2 cookies once the session exists already.
Same as previous ones, except the one that was set by Session_File->create() is not set in that case since the session did not need to be created.
A response with 3 cookies that are pretty long makes the response size much bigger than expected for a redirect unfortunately.
If you have a shutdown event call in your index.php, you haven't upgraded your index.php when you upgraded the framework files. Which means perhaps you have more issues.
When you upgrade to a new version, don't forget to verify and update the files in app (index.php, assets, bootstrap, oil, etc).
You will always have double cookies on new sessions, because it will create it as soon as you load the session class, and write a second one in the shutdown event. There is no option in PHP to delete or overwrite already set headers.
In all other cases you will have only one.
Just checked the index.php of 1.2 and 1.2.1. release, and I don't see the shutdown call in there. It was there in 1.1, and removed when we released 1.2 where we moved it to PHP's shutdown handler.
p.s. the Session class will be rewritten for 2.0, where this issue will be addressed. As the shutdown event is always executed, no matter how your script terminates, it is technically no longer needed to do a create-on-load.
Donate
