qBittorrent icon indicating copy to clipboard operation
qBittorrent copied to clipboard

Published 20 hours ago verified publisher icon qbittorrent

WebUI: append port to session cookie name

Open dyseg opened this issue 1 year ago • 8 comments

Prevents overwriting the shared cookie between qBt sessions on the same host. Separated from #21618. Original topic: https://github.com/qbittorrent/qBittorrent/issues/20873#issuecomment-2408992631

dyseg avatar Oct 15 '24 20:10 dyseg

The issue of multiple qBittorrent instances under the same host was already fixed by implementing suggestion of allowing you to set custom cookie name. Original Issue is #18329. Fixed by #18384.

glassez avatar Oct 16 '24 18:10 glassez

In this case from my side this PR can be closed.

dyseg avatar Oct 16 '24 18:10 dyseg

It would be really nice to fix the multi-instance scenario for users without requiring them to manually configure a custom cookie name. I suspect most users are not aware of this footgun, and so having a comprehensive fix will also prevent these users from opening GitHub issues unnecessarily.

Piccirello avatar Oct 16 '24 19:10 Piccirello

It would be really nice to fix the multi-instance scenario for users without requiring them to manually configure a custom cookie name. I suspect most users are not aware of this footgun, and so having a comprehensive fix will also prevent these users from opening GitHub issues unnecessarily.

It's reasonable. But shouldn't it then completely replace the current solution with a manually set name? It hardly makes much sense to have both of them at the same time.

glassez avatar Oct 17 '24 05:10 glassez

It's reasonable. But shouldn't it then completely replace the current solution with a manually set name? It hardly makes much sense to have both of them at the same time.

Yes, I think having this would eliminate the need for setting a custom cookie name.

Piccirello avatar Oct 17 '24 08:10 Piccirello

the WebUI session cookie named SID is shared between the two instances, and gets constantly overwritten.

@dyseg ~~Are you able to reproduce it with latest git master? I tested it but cannot reproduce. Browser is firefox developer edition 132 I remember I reproduced it in the past but the problem seems to have gone away now.~~

EDIT: Was a slight problem on my side, I can reproduce it now.

Chocobo1 avatar Oct 17 '24 08:10 Chocobo1

Btw, chances are high, that other web applications name their session cookie also as SID. One example: https://github.com/gerbera/gerbera/issues/2058#issuecomment-950362846 And I'm sure that a quick github search would reveal more. Even if the dynamic cookie name is not introduced, the default name could be changed to something which is unlikely to conflict with other webapps on the same host, path.

dyseg avatar Oct 17 '24 20:10 dyseg

Btw, chances are high, that other web applications name their session cookie also as SID. One example: gerbera/gerbera#2058 (comment) And I'm sure that a quick github search would reveal more. Even if the dynamic cookie name is not introduced, the default name could be changed to something which is unlikely to conflict with other webapps on the same host, path.

This is a good point. This PR switches the static portion of the name to QBT_SID, which should handle that.

Piccirello avatar Oct 17 '24 21:10 Piccirello

This PR is stale because it has been 60 days with no activity. This PR will be automatically closed within 7 days if there is no further activity.

github-actions[bot] avatar Jan 16 '25 00:01 github-actions[bot]

This PR was closed because it has been stalled for some time with no activity.

github-actions[bot] avatar Jan 24 '25 00:01 github-actions[bot]