Yes would only be for subfolder setups, also not sure what to do about leftover cookie
Were any of the recent subfolder changes helpful here on this front?
I don’t recall changing anything in this department recently.
7 years later and the _t cookie doesn’t have a Path set
running v3.4.2
I host two servers that each run ~15 discourse instances using sub-directories. not having Path set on the _t cookie is a rather large pain point.
DISCOURSE_TOKEN_COOKIE is also not documented anywhere.
Searching on google has 3 results: this thread, a code link to github where this variable is defined and a 404 link to something called isharkfly
It took me over 6 months to find this thread.
Unfortunately you’re right - the _t cookie still doesn’t have a path associated. It’s something we’d like to do, but ‘subfolder’ installations are fairly rare, and multiple subfolder installations on the same domain are even more rare. So it just hasn’t been prioritised.
I took a look at one collection of subfolder sites that we host, and it looks like our workaround has been to rename the cookie for each site on the domain. So, assuming you’re using our standard install YAML files, you would add something like this to each one:
env:
DISCOURSE_TOKEN_COOKIE: _t_mysite
(where mysite is different for each forum)
3 个赞
Yup. I have now added this. But users are still having issue where they need to re-auth more than they should when switching instances.
But the biggest issue was finding that this was available. I only found it by reading the source and the only way i found this thread was by searching for the exact setting name after i already knew it existed.
Understood. Thanks for posting here about it!
Are the forums public? Could you share some URLs?
They are forums for university courses. So they are private.
The URL format is discourseX.university.url/<year>/<course-name>
1 个赞
And your DISCOURSE_TOKEN_COOKIE is including both the year and the course name?
1 个赞
Yes it’s _discourse-<year>_<course-name>_t
1 个赞
I am once again asking for the _t cookie to be scoped correctly with the path of the instace.
I have ran into yet another issue with the DISCOURSE_TOKEN_COOKIEworkaround.
I am currently managing two domains, each domain is running 40, yes forty, discourse instances. (I understand this is prehaps not your tipical use case).
Even when renamed with DISCOURSE_TOKEN_COOKIEthe cookie is only scoped to the domain. not the path.
This means that all requests to that domain get all cookies for that domain, no matter the path.
With 40 renamed cookies every request is sent with one usefull cookie and 39 useless cookies.
Well it would send 39 useless cookies except that after about 30 the request is too long and I get a 400 responce with the following message
Size of a request header field exceeds server limit.