hapijs / crumb

CSRF crumb generation and validation for hapi

Crumb cookie disappearing #114

Closed franksama closed 6 years ago

franksama commented 6 years ago

Hello,

I'm seeing the crumb cookie intermittently disappearing from request.state and the raw request cookie header. Is this a known issue?

Our users get a crumb cookie initially, but then midway through their browsing experience, the crumb cookie disappears, which causes subsequent POST calls to throw a 403.

I'm using hapi 16.6.3 with crumb version 6.0.3.

Thanks

spanditcaa commented 6 years ago

Hi @franksama. No, that is not a known issue. Can you provide your crumb plugin config and any other relevant details about your implementation?

franksama commented 6 years ago

Currently my crumb config looks like so:

    "crumb": {
        "register": "require:crumb",
        "options": {
            "key": "crumbv2",
            "cookieOptions": {
                "isSecure": true
            },
            "logUnauthorized": true
        }
    }

So in the logs what I'm seeing is the initial request to the app contains no crumbv2 cookie, so one gets set by the crumb plugin in generate. As the user uses the site, the crumbv2 suddenly disappears as I have hooks inspecting the request.state as well as the raw cookie header and the crumbv2 cookie is not present. Other cookies are there.

spanditcaa commented 6 years ago

@franksama Is any content on your site served over http and not https?

franksama commented 6 years ago

https

spanditcaa commented 6 years ago

@franksama I've been keeping an eye on our production environments, also hapi 16.6.3 and crumb 6.0.3; all https -- I haven't seen any cases of your issue. I also reviewed the crumb code and nothing un-sets a cookie. Have you identified repro steps or can you provide a failing test that demonstrates this?

franksama commented 6 years ago

Hi @spanditcaa, I'll go ahead and close the issue. I was not able to repro, but my customers seem to be experiencing it. I don't think it is related to the crumb hapi plugin. Thank you!

lock[bot] commented 4 years ago

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.
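
One way to collect the evidence discussed in this thread, as an added example that is not part of the original thread or of crumb: it scans captured requests for the point where a client that previously sent the crumbv2 cookie stops sending it, matching the cookie name exactly. The `client` field, an `x-forwarded-proto` header set by a fronting proxy, and the sample requests are assumptions.

```javascript
// Added diagnostic example; not code from crumb or from the thread.
const CRUMB_KEY = 'crumbv2'; // cookie key from the config posted in the thread

// Parse a raw Cookie request header into a Map keyed by exact cookie name.
function parseCookieHeader(header) {
    const jar = new Map();
    for (const pair of (header || '').split(';')) {
        const eq = pair.indexOf('=');
        if (eq === -1) continue;
        const name = pair.slice(0, eq).trim();
        if (name && !jar.has(name)) jar.set(name, pair.slice(eq + 1).trim());
    }
    return jar;
}

// Classify one captured request by what happened to the crumb cookie.
function classify(req, key = CRUMB_KEY) {
    const jar = parseCookieHeader(req.headers.cookie);
    if (jar.has(key)) return 'present';
    // Browsers do not send a Secure cookie (isSecure: true) on a plain-http request.
    // Assumption: a proxy in front of the app sets x-forwarded-proto.
    const proto = String(req.headers['x-forwarded-proto'] || '').toLowerCase();
    if (proto === 'http') return 'missing-on-http';
    return jar.size === 0 ? 'no-cookies' : 'missing-others-present';
}

// Walk requests in time order; report where a client that had the crumb stops sending it.
function findDrops(requests, key = CRUMB_KEY) {
    const hadCrumb = new Set();
    const drops = [];
    requests.forEach((req, index) => {
        const state = classify(req, key);
        if (state === 'present') hadCrumb.add(req.client);
        else if (hadCrumb.has(req.client)) {
            const sent = [...parseCookieHeader(req.headers.cookie).keys()];
            drops.push({ client: req.client, index, path: req.path, state, sent });
            hadCrumb.delete(req.client);
        }
    });
    return drops;
}

// Constructed sample capture (hypothetical clients, paths and cookie values).
const SAMPLE = [
    { client: 'a', path: '/', headers: { cookie: 'sid=1', 'x-forwarded-proto': 'https' } },
    { client: 'a', path: '/cart', headers: { cookie: 'sid=1; crumbv2=Zx9', 'x-forwarded-proto': 'https' } },
    { client: 'b', path: '/cart', headers: { cookie: 'crumbv2=Qq2; sid=2', 'x-forwarded-proto': 'https' } },
    { client: 'a', path: '/img', headers: { cookie: 'sid=1', 'x-forwarded-proto': 'http' } },
    { client: 'b', path: '/pay', headers: { cookie: 'sid=2; xcrumbv2=1', 'x-forwarded-proto': 'https' } },
];
console.log(findDrops(SAMPLE));
```

A `missing-on-http` result points at a request that reached the site over plain http, while `missing-others-present` on an https request means the browser held other cookies for the site but not the crumb.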