[9.x] Fix database session driver keeps resetting CSRF token #42782
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Hussam3bd
changed the title
Hussam3bd
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We have a multi-tenant app that runs on multiple servers using a load balancer, and as the app is load balanced across multiple servers, we are using a centralized store that all servers can access which is
Redis.Everything is working just fine on Redis driver, but when we changed the session driver to
databasewe start having an issue withCSRF tokenand the token keep changing on every request and that causedCSRF Token Mismatchexception.After a lot of debugging, I found that the issue was not with session config or the front-end request, it was from the
payloadcolumn in thesessionstable in the database, the session payload was too long and that caused an issue on decrypting the payload which is causing the mismatch and missing token.We fixed is issue by changing the
payloadcolumn fromtexttolongText, and it worked!This issue was reported in #13570