Cloudflare cookie: CF_Authorization

When the authorisation cookies expire (CF_Authorization) it redirects the user to a generic error page. Image bellow
Screenshot from 2024-07-11 10-16-51

The expected behaviour is to show the refresh pop-up page. that happens when the Discourse _t cookie expires. Image below.

Ideas that didn’t work:

  1. Since the cookie is secure we can not get it using JS.
  2. The Cloudflare team can not extend the expiry date for security reasons.

Does anyone have an idea how can we solve this issue?

Other than breaking discourse, what problem is the cloudflare authorization solving?

I thought that there was a site setting for how long discourse cookies last, but maybe it’s hidden.


I’m not sure. The CF_Authorization is not a Discourse cookie. The problem is that the Cloudflare cookie triggers before the Discourse cookie _t.

You can try changing persistent sessions or maximum session age.

Why is the cloudflare cookie important?

It didn’t work.

I’m not sure. I will try to get more info on that.

I think you’d need to delete your existing cookies after changing those settings. They will affect only new sessions and be cookies.

Still not working. I open the forum in a Anonymous browser and after deleting the CF_Authorization cookie the same generic page was shown.

Oh, sorry. I guess I don’t understand what that cloudflare thing is doing. Can you do without it?

1 Like