band-aid fix for frozen session issue on signup #50

Merged

Snakes merged 11 commits from :fix-bad-cookies into master 2022-12-06 22:07:13 +00:00

Conversation 0 Commits 11 Files Changed 6

justcool393 commented 2022-12-06 18:06:35 +00:00

through some reason or another, people are somehow getting cookies that aren't prepended with a dot.

this is a problem because both sessions at, as best as I can tell, mix so it tries to read from a different cookie than we write to. this essentially "freezes" the session in place. users are unable to login, logout, signup, toggle poor mode, toggle NSFW, etc.

this attempts to delete bad session cookies (i.e. cookies with a domain that don't start with a dot).

we don't do this on "dotless" domains (and by extension localhost) because browser support for setting cookies on FQDNs that only have one dot has tenuous support among browsers anyway).

this may log some people out, but... their days of being able to do stuff on the site were numbered anyway.

edit: as amazing as this thought was, browsers just wipe the entire cookies completely and there's no way to specifically target dotless cookies. for an issue that affects a few users, better to just tell them to clear their cookies. if this doesn't work, delete service-worker.js and be done with the whole service worker crap. forever. permanently. this PR also includes some QOL improvements.

through some reason or another, people are somehow getting cookies that aren't prepended with a dot. this is a problem because both sessions at, as best as I can tell, mix so it tries to read from a different cookie than we write to. this essentially "freezes" the session in place. users are unable to login, logout, signup, toggle poor mode, toggle NSFW, etc. ~~this attempts to delete bad session cookies (i.e. cookies with a domain that don't start with a dot).~~ ~~we don't do this on "dotless" domains (and by extension localhost) because browser support for setting cookies on FQDNs that only have one dot has tenuous support among browsers anyway).~~ ~~this *may* log some people out, but... their days of being able to do stuff on the site were numbered anyway.~~ **edit: as amazing as this thought was, browsers just wipe the entire cookies completely and there's no way to specifically target dotless cookies. for an issue that affects a few users, better to just tell them to clear their cookies. if *this* doesn't work, delete service-worker.js and be done with the whole service worker crap. forever. permanently. this PR also includes some QOL improvements.**

justcool393 added 1 commit 2022-12-06 18:06:35 +00:00

6fc99839ce hopefully fix for the frozen session issue ...

through some reason or another, people are somehow get cookies that
aren't prepended with a dot. this is a problem because both sessions at,
as best as I can tell, mix so it tries to read from a different cookie
than we write to. this essentially "freezes" the session in place. users
are unable to login, logout, signup, toggle poor mode, toggle NSFW, etc.
this attempts to delete bad session cookies (i.e. cookies with a domain
that don't start with a dot). we don't do this on "dotless" domains
(and by extension localhost) because browser support for setting cookies
on FQDNs that only have one dot has tenuous support among browsers
anyway). this *may* log some people out, but... their days of being able
to do stuff on the site were numbered anyway.

justcool393 added 1 commit 2022-12-06 19:09:25 +00:00

8038b5ca05 the issue may actually be the '.'s not the other way around

justcool393 added 1 commit 2022-12-06 20:24:21 +00:00

f8cfe7cf82 move cookie domain setting to before_request

justcool393 added 1 commit 2022-12-06 20:28:48 +00:00

c7fbc39e5f CF cookie: improve reliability

justcool393 added 1 commit 2022-12-06 20:32:01 +00:00

c2e63a8867 remove fix frozen sessions helper ...

it doesn't work whatever

justcool393 added 1 commit 2022-12-06 20:33:37 +00:00

3ecfc907ef add helpful note on bad submission tokens

justcool393 added 1 commit 2022-12-06 20:35:59 +00:00

379ebda08d don't set session_cookie_domain on startup

justcool393 added 1 commit 2022-12-06 20:47:01 +00:00

7ad4f6d898 add browser specific help text

justcool393 added 1 commit 2022-12-06 21:34:11 +00:00

6662948452 signup: flex tape solution is to wipe a users ...

session if signup fails for a bad signup token

justcool393 changed title from hopefully fix for the frozen session issue to band-aid fix for frozen session issue on signup 2022-12-06 21:35:34 +00:00

justcool393 added 1 commit 2022-12-06 21:39:44 +00:00

876014af8d testing on devrama redux

justcool393 added 1 commit 2022-12-06 21:43:22 +00:00

b9500ee009 remove duplicate error text

Snakes merged commit 6dbad04f08 into master 2022-12-06 22:07:13 +00:00

Snakes referenced this issue from a commit 2022-12-06 22:07:13 +00:00

band-aid fix for frozen session issue on signup (#50)

geese_suck referenced this issue from a commit 2022-12-09 20:58:39 +00:00

band-aid fix for frozen session issue on signup (#50)

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

bug

Something is not working   

duplicate

This issue or pull request already exists   

feature

New feature   

good first issue

New and want to help?   

help wanted

Need some help   

improvement

Code-focused: maintenance, refactoring   

invalid

Something is wrong   

question

More information is needed   

wontfix

This won't be fixed

No Label

bug

duplicate

feature

good first issue

help wanted

improvement

invalid

question

wontfix

Milestone

Clear milestone

No items

No Milestone

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: rDrama/rDrama#50

There is no content yet.