It's more of a hint than an issue.
After a pentest of our webapp, which resulted in a recommendation to use SameSite `strict` for cookies, we encountered an issue reported by a new user who has a favorites.html with a link to the webapp. When he tried to get to the app, the request ended in a redirect loop between the callback and login routes and Keycloak.
I found out that using `'same_site' => 'strict'` in config/session.php leads to these redirect loops when the request for the page originates from a hyperlink. The reason seems to be the session handling of Laravel (laravel/framework#31442 (comment)).
So we changed back to SameSite `lax`.
Maybe, this could be mentioned in the FAQs - it took me half a day to find that out.
Regards
Erik
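The loop Erik describes can be reproduced without a browser by modelling the one rule that matters: a `SameSite=Strict` cookie is only attached when the navigation was initiated from the cookie's own site, while `Lax` is also attached on top-level GET navigations (link clicks and 302 redirects). The simulation below is an added example, not code from the issue, from Laravel or from Keycloak; the hostnames `app.example` and `keycloak.example`, the `/login` and `/callback` routes, the `bookmarks.local` initiator and the rule that a redirect chain keeps the initiator of the page that started it are all assumptions made for illustration. It replays login, the bounce to Keycloak and the callback, with Laravel starting a fresh session whenever its session cookie does not arrive, which is what turns the unmatched OIDC `state` into a redirect back to `/login`.

```javascript
// Added simulation, not code from the issue or from Laravel/Keycloak: models the
// browser's SameSite attach rule for a top-level navigation and replays the
// login -> Keycloak -> callback round-trip that the issue describes.

const APP_SITE = "app.example";       // assumed site of the Laravel app
const IDP_SITE = "keycloak.example";  // assumed site of Keycloak
const COOKIE = "laravel_session";     // Laravel's default session cookie name

// Whether the browser attaches a cookie with the given SameSite value to a
// request. `initiatorSite` is the site of the page that started the navigation;
// a redirect chain is assumed to keep that initiator (a simplification).
function cookieSent(sameSite, initiatorSite, targetSite, { topLevel = true, method = "GET" } = {}) {
  const sameSiteRequest = initiatorSite === targetSite;
  switch (sameSite) {
    case "none":
      return true;
    case "lax":
      // Lax additionally allows top-level navigations with a safe method
      return sameSiteRequest || (topLevel && (method === "GET" || method === "HEAD"));
    case "strict":
      return sameSiteRequest;
    default:
      throw new Error(`unknown SameSite value: ${sameSite}`);
  }
}

// Replays the round-trip. The Laravel side keeps the OIDC `state` in the
// session and rejects a callback whose state it does not know; Keycloak is
// assumed to have the user logged in already and simply redirects back.
function simulateLogin(sameSite, initiatorSite, maxHops = 8) {
  const jar = new Map();      // browser cookie jar: name -> value
  const sessions = new Map(); // server-side session store: id -> { state }
  const hops = [];
  let nextId = 1;
  let url = new URL(`https://${APP_SITE}/login`);

  for (let i = 0; i < maxHops; i++) {
    const onApp = url.hostname === APP_SITE;
    const sent = onApp && jar.has(COOKIE) && cookieSent(sameSite, initiatorSite, APP_SITE);
    hops.push(`${url.pathname} cookieSent=${sent}`);

    if (!onApp) {
      // Keycloak: user already authenticated, bounce back with the state unchanged
      url = new URL(`https://${APP_SITE}/callback?state=${url.searchParams.get("state")}`);
      continue;
    }

    // Laravel: reuse the session if its cookie arrived, else start a fresh one.
    // Set-Cookie itself is not restricted by SameSite, so the jar is always updated.
    const sid = sent ? jar.get(COOKIE) : `s${nextId++}`;
    if (!sessions.has(sid)) sessions.set(sid, {});
    jar.set(COOKIE, sid);
    const session = sessions.get(sid);

    if (url.pathname === "/login") {
      session.state = `state-${sid}`;
      url = new URL(`https://${IDP_SITE}/auth?state=${session.state}`);
    } else if (url.pathname === "/callback") {
      if (session.state === url.searchParams.get("state")) {
        return { ok: true, hops, sessionsCreated: sessions.size };
      }
      url = new URL(`https://${APP_SITE}/login`); // unknown state: back to login
    }
  }
  // Hop budget exhausted: this is the redirect loop
  return { ok: false, hops, sessionsCreated: sessions.size };
}
```

Running `simulateLogin("strict", "bookmarks.local")` exhausts the hop budget and creates a new session on every hop back to the app, because the session cookie never accompanies the `/callback` request; `simulateLogin("lax", "bookmarks.local")` completes on the third hop with a single session. The third argument of `cookieSent` also shows the residual protection `Lax` keeps: a cross-site POST still gets no cookie, which is the CSRF case the pentest recommendation was aiming at.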