Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The original removal of the cookie on line 206 is outside of the $redirect conditional, but here we are adding it to the $redirect context. Are we losing any functionality as a result of this, or there are no cases when we need to unset the cookie when there are no redirects?
mattgillCreditAttribution: mattgill as a volunteer commented
Thanks!
I had another look through, my understanding of the code is that:
Originally, if the redirect cookie was set,
Set the redirect variable
Unset the redirect cookie
And in the patch, it does the same, but instead of unsettling the cookie at that point, waits until inside the redirect conditional (where we have the response object available). Because we still set the redirect variable, we can say that we wouldn't loose any functionality (the cookie is just removed slightly later in the execution).
I was getting errors thrown about setting headers - maybe due to something introduced in recent versions of Drupal? Anyhow, here is a patch based on the other patch in this thread and working against the latest dev.
Comments
Comment #2
mattgill CreditAttribution: mattgill as a volunteer commentedContributing patch to convert cookie methods to using the Symfony mechanism.
Comment #3
snufkin CreditAttribution: snufkin at Cheppers commentedOverall I love this, I am really happy to add more standardised, framework dependent API. Without fully digging into the code I have one question:
The original removal of the cookie on line 206 is outside of the $redirect conditional, but here we are adding it to the $redirect context. Are we losing any functionality as a result of this, or there are no cases when we need to unset the cookie when there are no redirects?
Comment #4
mattgill CreditAttribution: mattgill as a volunteer commentedThanks!
I had another look through, my understanding of the code is that:
Originally, if the redirect cookie was set,
And in the patch, it does the same, but instead of unsettling the cookie at that point, waits until inside the redirect conditional (where we have the response object available). Because we still set the redirect variable, we can say that we wouldn't loose any functionality (the cookie is just removed slightly later in the execution).
Hope that makes sense!!
Comment #5
mattgill CreditAttribution: mattgill as a volunteer commentedAlso, if you get a moment, can you check line 152:
http://cgit.drupalcode.org/simplesamlphp_auth/tree/src/Controller/Simple...
I believe
$request->request->get('ReturnTo')
should be replaced with
$request->get('ReturnTo')
if you agree, let me know and I'll submit another patch :)
Comment #6
joelpittet@mattgill, re #4, it's better to be explicit so I wouldn't replace it, leave it as
$request->request->get('ReturnTo')
Comment #7
joelpittetIt looks like this may have been resolved in another way in the dev branch.
Comment #8
mikejw CreditAttribution: mikejw at University of Adelaide commentedI was getting errors thrown about setting headers - maybe due to something introduced in recent versions of Drupal? Anyhow, here is a patch based on the other patch in this thread and working against the latest dev.