Skip to content

Session cookie removed on second request if empty session. #45206

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
tomme87 opened this issue Jan 27, 2022 · 7 comments
Closed

Session cookie removed on second request if empty session. #45206

tomme87 opened this issue Jan 27, 2022 · 7 comments
Labels
Bug HttpKernel Stalled Status: Needs Review

Comments

@tomme87
Copy link

tomme87 commented Jan 27, 2022
edited
Loading

Symfony version(s) affected

5.4.3

Description

After creating a session it always get removed the next request.

Looks like this started happening after #41390

If you look at

symfony/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php

Lines 155 to 163 in 3cbef85

if ($requestSessionCookieId && $session->isEmpty()) {
$response->headers->clearCookie(
$sessionName,
$sessionCookiePath,
$sessionCookieDomain,
$sessionCookieSecure,
$sessionCookieHttpOnly,
$sessionCookieSameSite
);

It removes cookie if session is empty. My session is always empty. I just need to have a session, even if it's empty.

How to reproduce

Start a session without data and the cookie will get removed immediately after.

Possible Solution

Never remove the cookie unless it's expired or removed explicitly?

Additional Context

Discussion in #44634 looks relevant
@tomme87 tomme87 added the Bug label Jan 27, 2022
@chalasr
Copy link
Member

chalasr commented Jan 27, 2022

Can you try with 5.4-dev and confirm if the bug is still there?

@tomme87
Copy link
Author

tomme87 commented Jan 27, 2022

Can you try with 5.4-dev and confirm if the bug is still there?

The bug is still there with 5.4-dev

@pajon
Copy link

pajon commented Feb 1, 2022
edited
Loading

Hi guys, I have a similar issue. It is possible to maintain an empty session with the session cookie? After the latest patch (5.4.3) is also not possible to create the session cookie if session bags are empty and the session cookie doesn't exist.

@alexander-schranz
Copy link
Contributor

I'm curious what is the usecase to have an empty session? At current state you could also just write something into the session if it need to be kept: $request->getSession()->set('keep', '1');

@carsonbot
Copy link

Hey, thanks for your report!
There has not been a lot of activity here for a while. Is this bug still relevant? Have you managed to find a workaround?

@carsonbot
Copy link

Could I get an answer? If I do not hear anything I will assume this issue is resolved or abandoned. Please get back to me <3

@carsonbot
Copy link

Hey,

I didn't hear anything so I'm going to close it. Feel free to comment if this is still relevant, I can always reopen!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug HttpKernel Stalled Status: Needs Review
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@pajon @alexander-schranz @xabbuh @chalasr @tomme87 @carsonbot