I have a weird problem that i can't seem to understand. Some of my octobercms instance users have noticed that if you paste the link to any social media, october does not recognize the session anymore. More specifically, if you have any old school get parameters (like ?fbclid=...) you appear as not logged in. If you delete that part, the session is recognized.
In some other tests, if anyone clicks on a link that leads to the platform, the session is not recognized at all (even without fbclid like parameters)
Did any of you see and handle this problem? Thanks!
Can you give a specific example on how to reproduce this?
It seems that it was the way cookies are set. It should have been set to "lax", and not "strict".
It is very rare that you would actually want to use "strict" for your session cookies. I recommend only using Lax
1-4 of 4