yves
February 12, 2016, 6:47pm
1
Hi there,
this doesn’t look healthy (and blows-up the HTTP headers):
HTTP/1.1 200 OK
Date: Fri, 12 Feb 2016 17:41:15 GMT
Server: Apache/2.4.6 (CentOS) mpm-itk/2.4.7-01 OpenSSL/1.0.1e-fips PHP/7.0.2
Set-Cookie: kirby_session=a2u4j4594q2gl1br2i83fe2rc1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: kirby_session=a2u4j4594q2gl1br2i83fe2rc1; path=/; HttpOnly
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Type: text/html; charset=UTF-8
Are these repeated and redundant cookie settings something I can fix?
That really shouldn’t be happening. What does your request look like (especially the URI will be important)?
yves
February 12, 2016, 9:43pm
3
It’s the root URI: http://dellen.im
Others like: http://dellen.im/about doesn’t seem to have this problem.
Though I am wondering about the different headers of the above page and this one:
http://dellen.im/stars/20160212/podcast-the-talk-show-146-they-might-be-giants-with-spanish-accent-mit-eddy-cue-und-craig-federighi
Puh, maybe it is related to the aggressive caching I am trying to do in .htaccess?
The question is always: Does it also happen with a fresh installation of the starterkit? If no, try to change various parts of your site until it doesn’t happen anymore. That will help with narrowing down the specific issue behind this problem.
yves
February 12, 2016, 10:37pm
5
@lukasbestle you were right, with a fresh installation the headers looked fine. So I start stripping things out and found the gremlin:
if($user = $site->user()):
Once I eliminated every instance of my check if the current user is a logged-in Kirby user the strange header messages disappear. And BTW: If I add to the fresh installation into the default.php template
<?php if($user = $site->user()) {} ?>
The same header message appears. As offen I enter the code above the same often I get the header message. Since I used this function as documented here
https://getkirby.com/docs/cheatsheet/site/user
I am a little helpless.
yves
February 12, 2016, 10:49pm
6
Another addition: The header messages only happen if the code
<?php if($user = $site->user()) {} ?>
is in a snippet or in a template. Once I’ve moved it into the controller (which obviously makes more sense) everything is fine again.
Thanks for the information. I have created an issue over on GitHub .
@yves : Could you check if the error disappears with the following code?
Replace the remove()
method in kirby/toolkit/lib/cookie.php
with:
public static function remove($key) {
if(static::exists($key)) {
unset($_COOKIE[$key]);
return setcookie($key, null, -1, '/');
} else {
return true;
}
}
1 Like
yves
February 13, 2016, 7:35pm
9
Yes, it does! Cool job and thanks.
BTW When I wrote that the header message disappeared once I’ve moved the code to the controller I was lying. The message actually showed up, but only once (partially). Heres the header without your patch:
HTTP/1.1 200 OK Pragma: no-cache Set-Cookie: kirby_session=2673mg2jr5jt1rjgje24q55f13; path=/, kirby_session=2673mg2jr5jt1rjgje24q55f13; path=/; HttpOnly, kirby_auth=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Server: Apache/2.4.6 (CentOS) mpm-itk/2.4.7-01 OpenSSL/1.0.1e-fips PHP/7.0.2 Vary: Accept-Encoding Connection: close Transfer-Encoding: Identity Date: Sat, 13 Feb 2016 19:38:51 GMT Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate
And here with:
HTTP/1.1 200 OK Pragma: no-cache Set-Cookie: kirby_session=gdbe9hpqac888813gknuq1k3k0; path=/, kirby_session=gdbe9hpqac888813gknuq1k3k0; path=/; HttpOnly Server: Apache/2.4.6 (CentOS) mpm-itk/2.4.7-01 OpenSSL/1.0.1e-fips PHP/7.0.2 Vary: Accept-Encoding Connection: close Transfer-Encoding: Identity Date: Sat, 13 Feb 2016 19:36:09 GMT Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate