View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006212 | OXID eShop (all versions) | 4.08. Cache | public | 2015-08-05 10:41 | 2016-01-15 13:26 |
| Reporter | hendrikfreytag | Assigned To | |||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | 4.9.5 / 5.2.5 | ||||
| Fixed in Version | 4.9.7 / 5.2.7 | ||||
| Summary | 0006212: Problems with deleting unimportant cookies in varnish 4 | ||||
| Description | Varnish version: 4.0.3 Varnish uses ',' as separator for cookies. But if there is an expires cookie is has also a ',' in it (e.g. Thu,01-Jan-1970 00:00:01). So varnish thinks that should be separated. | ||||
| Steps To Reproduce | To get a cookie that makes problems you can e.g. add following lines in application/controllers/details.php at the beginning of the render function: $oHistoryArtList = oxNew('oxarticlelist'); $oHistoryArtList->loadHistoryArticles($sOxid, $iCnt); | ||||
| Additional Information | In varnishlog you will get something like that: - BerespUnset Set-Cookie: language=0; path=/; httponly, language=0; path=/; httponly, aHistoryArticles=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly - BerespHeader Set-Cookie: language=0; path=/; httponly, language=0; path=/; httponly, aHistoryArticles=deleted; expires=Thu,01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly - BerespUnset Set-Cookie: language=0; path=/; httponly, language=0; path=/; httponly, aHistoryArticles=deleted; expires=Thu,01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly - BerespHeader Set-Cookie: language=0; path=/; httponly, language=0; path=/; httponly, aHistoryArticles=deleted; expires=Thu,01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly - BerespUnset Set-Cookie: language=0; path=/; httponly, language=0; path=/; httponly, aHistoryArticles=deleted; expires=Thu,01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly - BerespHeader Set-Cookie: language=0; path=/; httponly, language=0; path=/; httponly, aHistoryArticles=deleted; expires=Thu,01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly - BerespUnset Set-Cookie: language=0; path=/; httponly, language=0; path=/; httponly, aHistoryArticles=deleted; expires=Thu,01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly - BerespHeader Set-Cookie: , , ,01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly - BerespUnset Set-Cookie: , , ,01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly - BerespHeader Set-Cookie: , , ,01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly - BerespUnset Set-Cookie: , , ,01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly - BerespHeader Set-Cookie: ,01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly - BerespUnset Set-Cookie: ,01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly - BerespHeader Set-Cookie: ,01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly - ObjHeader Set-Cookie: ,01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly So you can see the cookies are not correct removed. | ||||
| Tags | Solution Provided, Varnish | ||||
| Theme | Not defined | ||||
| Browser | Not defined | ||||
| PHP Version | Not defined | ||||
| Database Version | Not defined | ||||
|
|
Extracted from a Skype Chat with Saulius: Michael Keiluweit: oxClearCookiesByWhitelistRecv # Setting to all cookies that are in white list "@" sign before param name. so cookies on the whitelist are getting a @ sign therefore they will not be deleted later. But I detected, that some admin area cookies are still there, after the cleaning. I guess one will not be deleted because it has an @sign in its content: setOxCookie("oxidadminprofile", $sProfile . "@" . implode("@", $aProfiles[$sProfile]), but this effects only admin user as normal customers doesn't get such an cookie the other cookie is admin_sid, it will not be deleted, too. But I have no idea why. I made a debug output to see what is going on in the function: @sid_key=oxid; showlinksonce=1; oxidadminprofile=0%40Standard%4010; oxidadminlanguage=en; @oxid_3=michael.keiluweit%40oxid-esales.com%40%40%405aNXR3tx1l.mA; @oxid_3_autologin=1; oxidadminhistory=%7Cadmin_start%7Cnavigation%7Carticle%7Cshop%7Cadmin_user; admin_sid=adejl74pop7po8ic1ci8dugoi6; language=0; @oxid_9=michael.keiluweit%40oxid-esales.com%40%40%405aNXR3tx1l.mA; @oxid_9_autologin=1; oxenv_key=7ecbdfb42d888f25bca55e72fc7af409; @oxid_10=michael.keiluweit%40oxid-esales.com%40%40%405aNXR3tx1l.mA; @oxid_10_autologin=1; sid=tiqtobgq7074mbt9hjs3dj8ci4 You see that the cookies which are on the whiltelist are marked. The following string is the result after the cleaning: sid_key=oxid; oxidadminprofile=0%40Standard%4010; oxid_3=michael.keiluweit%40oxid-esales.com%40%40%405aNXR3tx1l.mA; oxid_3_autologin=1; admin_sid=adejl74pop7po8ic1ci8dugoi6; oxid_9=michael.keiluweit%40oxid-esales.com%40%40%405aNXR3tx1l.mA; oxid_9_autologin=1; oxid_10=michael.keiluweit%40oxid-esales.com%40%40%405aNXR3tx1l.mA; oxid_10_autologin=1 Michael Keiluweit: as I said, because it effects only the admin users, it is more or less important. But it should be known that there could be an issue in the future. |
