You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The default Session variable in SilverStripe 5 has the SameSite=Lax setting enabled.
SameSite Cookie Policy: The SameSite=Lax setting allows cookies to be sent with cross-site GET requests but not POST requests. Since the RealMe return uses a POST request, the session cookie is not sent back, causing the session to reset.
How to reproduce
Create a session variable in your SilverStripe instance.
Sign in to RealMe
Your session will be reset
Possible Solution
Change the default cookie settings, or enable a way to pass through additional data
Additional Context
No response
Validations
Check that there isn't already an issue that reports the same bug
Double check that your reproduction steps work in a fresh installation of silverstripe/installer (with any code examples you've provided)
The text was updated successfully, but these errors were encountered:
Module version(s) affected
5.3.2
Description
The default Session variable in SilverStripe 5 has the SameSite=Lax setting enabled.
SameSite Cookie Policy: The
SameSite=Lax
setting allows cookies to be sent with cross-site GET requests but not POST requests. Since the RealMe return uses aPOST
request, the session cookie is not sent back, causing the session to reset.How to reproduce
Possible Solution
Change the default cookie settings, or enable a way to pass through additional data
Additional Context
No response
Validations
silverstripe/installer
(with any code examples you've provided)The text was updated successfully, but these errors were encountered: