[SDK-3646] Reliability and performance improvements to CookieStore #649

Merged
merged 9 commits into from
Sep 24, 2022

@evansims evansims commented Sep 24, 2022

Changes

This PR:

  • Addresses an issue where encrypted cookies could sometimes become corrupted under certain circumstances, due to an encoding issue introduced by the encryption process. In these circumstances, this would result in a user being seemingly randomly logged out, or potentially failing the state check during authentication flows.
  • Adds a flagging process to track mutations to the session state, to avoid sending unnecessary headers.
  • Addresses an issue where, if a cookie domain was assigned the same value as the HTTP_HOST environment variable, the domain property in the cookie header could be sent improperly formatted.

Note that these changes require structural changes to session cookies. Upon updating your application with these merged changes, some users may need to reauthenticate to replace old session cookies with the new format.

This PR also contains unrelated changes to address failing unit tests necessary for this PR to pass review:

  • Dependency 'phpstan/phpstan-strict-rules' has been pinned to 1.4.3 temporarily to work around a breaking change introduced upstream.

References

See internal ticket SDK-3646

Testing

  • Tests have been adjusted to compensate for some of the internal API changes necessary for this fix
  • See GitHub workflow results


@evansims evansims added this to the 8.3.1 milestone Sep 24, 2022
@evansims evansims marked this pull request as ready for review September 24, 2022 04:28
@evansims evansims requested a review from a team as a code owner September 24, 2022 04:28
codecov-commenter commented Sep 24, 2022

Codecov Report

Base: 100.00% // Head: 100.00% // No change to project coverage 👍

Coverage data is based on head (620235d) compared to base (1e34266).
Patch coverage: 100.00% of modified lines in pull request are covered.

Additional details and impacted files
@@             Coverage Diff             @@
##                main      #649   +/-   ##
===========================================
  Coverage     100.00%   100.00%           
- Complexity       996      1006   +10     
===========================================
  Files             65        65           
  Lines           3636      3677   +41     
===========================================
+ Hits            3636      3677   +41     

Impacted Files | Coverage Δ
src/Store/CookieStore.php | 100.00% <100.00%> (ø)

@evansims evansims changed the title from "[SDK-3646] Fix encrypted cookie data corruption under some circumstances due to encoding issue" to "[SDK-3646] Fix potential encrypted cookie corruption due to encryption-encoding" Sep 24, 2022
@evansims evansims changed the title from "[SDK-3646] Fix potential encrypted cookie corruption due to encryption-encoding" to "[SDK-3646] Reliability and performance improves to CookieStore" Sep 24, 2022
@evansims evansims changed the title from "[SDK-3646] Reliability and performance improves to CookieStore" to "[SDK-3646] Reliability and performance improvements to CookieStore" Sep 24, 2022
@evansims evansims merged commit 04b1f5d into main Sep 24, 2022
@evansims evansims deleted the fix/cookie-edge-cases branch September 24, 2022 17:29
github-actions bot pushed a commit that referenced this pull request Sep 24, 2022
…to CookieStore (#649)

* Improve CookieStore reliability under some circumstances

* Adjust tests to reflect CookieStore changes

* Ignore code coverage on untestable circumstances

* Remove leftover debug code

* Temporarily lock dependency due to break upstream

* Code quality improvements

* Additional improvements

* Expand tests
@evansims evansims mentioned this pull request Sep 24, 2022
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 25, 2022