docker-grocy

[BUG] Cookie settings don't take effect

Open szerencl opened this issue 1 year ago • 2 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Current Behavior

I tried enabling HttpOnly and Secure cookies in php-local.ini, but when opening the site in my browser and checking the cookies it shows the following: [image]

php-local.ini

session.cookie_secure = 1
session.cookie_httponly = 1
session.cookie_samesite = None

phpinfo() shows the settings taking effect:

Directive | Local Value | Master Value
session.cookie_httponly | On | On
session.cookie_samesite | no value | no value
session.cookie_secure | On | On

Because of this I also tried changing /config/nginx/site-confs/default.conf by adding the following:

    location / {
        # ...
        proxy_cookie_path / "/; secure; HttpOnly; SameSite=none";
        proxy_cookie_flags ~ secure samesite=none;
        # ...
    }

But to no avail.

Expected Behavior

Setting the following in php-local.ini should change the behaviour observed in the browser.

session.cookie_secure = 1
session.cookie_httponly = 1
session.cookie_samesite = None

Steps To Reproduce

  1. Add the following to php-local.ini:

    session.cookie_secure = 1
    session.cookie_httponly = 1
    session.cookie_samesite = None

  2. Restart container
  3. Open Grocy in the browser
  4. Login
  5. Open developer console
  6. Check session cookie

Environment

- OS: Raspbian Bookworm
- How docker service was installed: apt install

CPU architecture

arm64

Docker creation

---
version: "2.4"
services:
  grocy:
    image: lscr.io/linuxserver/grocy:latest
    container_name: grocy
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Budapest
    volumes:
      - grocy/config:/config
    ports:
      - 9283:80
    restart: unless-stopped

Container logs

[migrations] started
[migrations] 01-nginx-site-confs-default: skipped
[migrations] 02-default-location: skipped
[migrations] done
usermod: no changes
───────────────────────────────────────

      ██╗     ███████╗██╗ ██████╗
      ██║     ██╔════╝██║██╔═══██╗
      ██║     ███████╗██║██║   ██║
      ██║     ╚════██║██║██║   ██║
      ███████╗███████║██║╚██████╔╝
      ╚══════╝╚══════╝╚═╝ ╚═════╝

   Brought to you by linuxserver.io
───────────────────────────────────────

To support LSIO projects visit:
https://www.linuxserver.io/donate/

───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID:    1000
User GID:    1000
───────────────────────────────────────

using keys found in /config/keys
**** The following active confs have different version dates than the samples that are shipped. ****
**** This may be due to user customization or an update to the samples. ****
**** You should compare the following files to the samples in the same folder and update them. ****
**** Use the link at the top of the file to view the changelog. ****
┌────────────┬────────────┬────────────────────────────────────────────────────────────────────────┐
│  old date  │  new date  │ path                                                                   │
├────────────┼────────────┼────────────────────────────────────────────────────────────────────────┤
│ 2023-04-13 │ 2024-03-06 │ /config/nginx/site-confs/default.conf                                  │
└────────────┴────────────┴────────────────────────────────────────────────────────────────────────┘
[custom-init] No custom files found, skipping...
[ls.io-init] done.

May 25 '24 19:05 szerencl

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

May 25 '24 19:05 github-actions[bot]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

Jun 25 '24 09:06 LinuxServer-CI

This issue is locked due to inactivity

Sep 23 '24 09:09 github-actions[bot]