クッキーへのパスを追加

vikaskedia · 2017 年 6 月 21 日午後 3:35

@sam I took your suggestion .. deleted all the cookies and I still hit the bug.

Please see the attached video:

neil · 2017 年 6 月 21 日午後 6:48

I can go back and forth between two sites at the same domain, different subfolders, and I don’t see anything out of the ordinary hitting the auth logs.

6 - seen token
5 - rotate
4 - seen token
3 - rotate
...

Those don’t happen very often.

vikaskedia · 2017 年 6 月 21 日午後 6:54

@neil I can give you access to my system remotely if it helps you debug.

I am able to replicate the bug in the video every time.

neil · 2017 年 6 月 21 日午後 6:54

I believe you, but subfolder debugging… ugh. Still working on it.

neil · 2017 年 6 月 21 日午後 7:51

So you deleted your cookies but still have the problem?

vikaskedia · 2017 年 6 月 21 日午後 7:54

yes .. I wanted to make sure I did it .. so I also recorded it in the video

neil · 2017 年 6 月 21 日午後 8:18

Hmm, the problem definitely goes away for me when i’ve cleared cookies. Do yours look like this now?

vikaskedia · 2017 年 6 月 21 日午後 8:33

Yes !!

neil · 2017 年 6 月 21 日午後 8:35

I reverted the other fix, so you should undo that change since it’s worse behaviour than before. I don’t understand what you’re seeing, or how to fix what I’m seeing.

vikaskedia · 2017 年 6 月 21 日午後 8:37

maybe its time for big boss @sam to step in !!

codinghorror · 2017 年 6 月 21 日午後 10:13

We are deferring on this for now. Running two instances of Discourse on the same domain in different subfolders is not a supported config at the moment. We may circle back to this in a few months, though.

vikaskedia · 2017 年 6 月 21 日午後 11:58

makes sense .. being able to say 'No" creates a great product.

Falco · 2017 年 11 月 23 日午後 9:57

We will give another go at this soon.

vikaskedia · 2018 年 3 月 29 日午後 10:44

Please close this issue. It works now. By setting the DISCOURSE_TOKEN_COOKIE env var.

Thanks @Falco @neil

Well done !!

eviltrout · 2018 年 6 月 26 日午後 8:30

As @vikaskedia mentioned earlier, there is a workaround. You can use a different cookie name for each subfolder by using DISCOURSE_TOKEN_COOKIE in your configuration.

However, there is still a bug here where cookies are not properly restricted to paths on subfolder installs, causing conflicts with their sessions. The only solution is to use a different cookie name for now.

A better fix from a security standpoint would be to restrict to the proper subfolder path per cookie.

codinghorror · 2018 年 6 月 26 日午後 8:57

Can you scope how much work this would be, in terms of “T-shirt sizing”? Small, Medium, Large, XL, XXL?

sam · 2018 年 6 月 27 日午前 7:25

Somewhere between small and medium. It would log everyone off though when “fixed / changed”

codinghorror · 2018 年 6 月 27 日午前 8:03

Hmm that is fairly traumatic. Is there any way to fix it so it only logs people out on subfolder setups at least?

トピック		返信	表示
Serve Discourse from a subfolder (path prefix) instead of a subdomain Self-Hosting docker , subfolder , how-to , advanced-setup	30	43389	2026 年 4 月 14 日
Setting the session token '_t' on the entire domain, not just my subdomain Development	6	5484	2016 年 5 月 1 日
Address Bar changes under subfolder Support	1	471	2020 年 6 月 28 日
Put discourse on a sub url Support	6	1451	2020 年 8 月 7 日
Generals Subfolder recommendations and tips Self-hosting	9	2070	2020 年 1 月 12 日

クッキーへのパスを追加

関連トピック