Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects versions: None
    • Fix versions: 7.3.0
    • Components: None
    • Labels:
      None
    • Sprint:

      Description

      When using a session cache such as memcached for Lucee sessions, setting `this.sessionCluster = true` causes issues with session rotation/invalidation and csrf token validation (data is not persisted to the session for some reason). On top of that, session cluster "true" means that the entire session is read over the wire on each request.

      To avoid these problems, and fix misconfiguration retrospectively, Core will force `this.sessionCluster = false`.

      If these bugs are later resolved in Lucee session caches then we can consider reversing this change.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              justincarter Justin Carter
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: