alexandru.moga33046

Hi guys,

I have a weird problem that I can't seem to understand. Some of my OctoberCMS instance users have noticed that if you paste the link to any social media, October does not recognize the session anymore. More specifically, if you have any old-school GET parameters (like ?fbclid=...) you appear as not logged in. If you delete that part, the session is recognized.

In some other tests, if anyone clicks on a link that leads to the platform, the session is not recognized at all (even without fbclid-like parameters).

Did any of you see and handle this problem? Thanks!

mjauvin

Can you give a specific example on how to reproduce this?

alexandru.moga33046

It seems that it was the way cookies are set. It should have been set to "lax", and not "strict".

LukeTowers

It is very rare that you would actually want to use "strict" for your session cookies. I recommend only using Lax.
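
Added example, not part of the original thread: a simplified model of the browser's SameSite decision, showing why a "strict" session cookie is withheld when the site is reached through a link on another site while "lax" keeps the session. The hostnames, the `siteOf` and `cookieIsSent` helpers and the two-label "site" rule are assumptions made for illustration.

```javascript
// Simplified model of a browser's SameSite check (constructed example).
// Assumption: "site" = scheme + last two hostname labels; real browsers
// use the Public Suffix List to find the registrable domain.
function siteOf(url) {
  const u = new URL(url);
  return u.protocol + "//" + u.hostname.split(".").slice(-2).join(".");
}

// Methods HTTP defines as safe; Lax only allows these cross-site.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// request.initiator: URL of the page that triggered the request, or null
// when the user typed or pasted the address (treated as same-site).
function cookieIsSent(sameSite, request) {
  const crossSite =
    request.initiator !== null &&
    siteOf(request.initiator) !== siteOf(request.url);
  if (!crossSite) return true;
  switch (sameSite.toLowerCase()) {
    case "strict":
      return false; // never sent on cross-site requests, links included
    case "lax":
      // only top-level navigations with a safe method
      return request.topLevelNavigation && SAFE_METHODS.has(request.method);
    case "none":
      return true; // browsers also require the Secure attribute
    default:
      throw new Error("unknown SameSite value: " + sameSite);
  }
}

// Constructed requests against a hypothetical CMS at cms.example.org.
const linkClick = { url: "https://cms.example.org/account?fbclid=SAMPLE",
  method: "GET", initiator: "https://social.example/feed", topLevelNavigation: true };
const typedUrl = { ...linkClick, url: "https://cms.example.org/account", initiator: null };
const crossSitePost = { ...linkClick, method: "POST" };
const embeddedImage = { ...linkClick, topLevelNavigation: false };

for (const [name, req] of Object.entries({ linkClick, typedUrl, crossSitePost, embeddedImage })) {
  console.log(name, "strict:", cookieIsSent("strict", req), "lax:", cookieIsSent("lax", req));
}
```

With "lax" the cookie is still withheld on cross-site POSTs and embedded requests, so that part of the cross-site request protection is kept.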
