Cookie set error?

[TheOnlyYogo]

Hi, had a look around but couldn't find anything specific...

I'm getting this cookie error after a while (like a few hours):

Any help would be great

EDIT: I should add, that this error goes away if I clear my cookies in the browser, but returns after a few hours

[d-rez]

+1. Started getting it a few updates ago but I can't recall which one exactly.

I can also temp-fix it by clearing cookies but that's highly inconvenient as:

• I run multiple containers on the same hostname so it clears everything
• It takes a few clicks

My setup:

• Dockerized (image up to date, managed with portainer - https://hub.docker.com/r/linuxserver/heimdall/)
• Worked perfectly fine a few months ago
• Internal docker port 80 mapped to host port 8082
• I'm using Heimdall Autologin URL as my homepage (not sure if related in any way)

I suspect (based on nothing) that cookie with name XSRF-TOKEN is getting overriden by another service/container. Could this be localized to include heimdall in its name? e.g. "hemidall-xsrf-token"?

Error message same as screenshots but let's have it in text so it's search-able:

Symfony\Component\Debug\Exception\FatalThrowableError thrown with message "Call to a member function setCookie() on null"

Stacktrace:
#0 Symfony\Component\Debug\Exception\FatalThrowableError in /var/www/localhost/heimdall/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php:180

Rest of data from the error page below (contents redacted)

    * remember_web_59ba36...
    * _ga   
    * tautulli_token_0d368...
    * portainer_UI_STATE    
    * stay_login    
    * id    
    * smid  
    * SID   
    * XSRF-TOKEN    
    * heimdall_session  
    * _gid  

Session empty
Server/Request Data
    * USER "abc"
    * HOME "/config"
    * HTTP_UPGRADE_INSECURE_REQUESTS: "1"
    * HTTP_COOKIE: "remember_web_59ba3..."
    * HTTP_CONNECTION: "keep-alive"
    * HTTP_DNT: "1"
    * HTTP_ACCEPT_ENCODING: "gzip, deflate"
    * HTTP_ACCEPT_LANGUAGE: "en-US,en;q=0.5"
    * HTTP_ACCEPT: "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
    * HTTP_USER_AGENT: "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0"
    * HTTP_HOST: "myhostname.mydomain:8082"
    * PHP_AUTH_PW: ""
    * PHP_AUTH_USER: ""
    * SCRIPT_FILENAME: "/var/www/localhost/heimdall/public/index.php"
    * REDIRECT_STATUS: "200"
    * SERVER_NAME: "_"
    * SERVER_PORT: "80"
    * SERVER_ADDR: "172.17.0.5"
    * REMOTE_PORT: "37440"
    * REMOTE_ADDR: "172.17.0.1"
    * SERVER_SOFTWARE: "nginx/1.16.0"
    * GATEWAY_INTERFACE: "CGI/1.1"
    * REQUEST_SCHEME: "http"
    * SERVER_PROTOCOL: "HTTP/1.1"
    * DOCUMENT_ROOT: "/var/www/localhost/heimdall/public"
    * DOCUMENT_URI: "/index.php"
    * REQUEST_URI: "/"
    * SCRIPT_NAME: "/index.php"
    * CONTENT_LENGTH: ""
    * CONTENT_TYPE: ""
    * REQUEST_METHOD: "GET"
    * QUERY_STRING: ""
    * FCGI_ROLE: "RESPONDER"
    * PHP_SELF: "/index.php"
    * REQUEST_TIME_FLOAT: 1562854382.7075
    * REQUEST_TIME: 1562854382
    * APP_NAME: "Heimdall"
    * APP_ENV: "local"
    * APP_KEY: "base64:..."
    * APP_DEBUG: "true"
    * APP_LOG_LEVEL: "debug"
    * APP_URL: "http://localhost"
    * DB_CONNECTION: "sqlite"
    * DB_DATABASE: "app.sqlite"
    * BROADCAST_DRIVER: "log"
    * CACHE_DRIVER: "file"
    * SESSION_DRIVER: "file"
    * SESSION_LIFETIME: "120"
    * QUEUE_DRIVER: "database"
    * REDIS_HOST: "127.0.0.1"
    * REDIS_PASSWORD: "null"
    * REDIS_PORT: "6379"
    * MAIL_DRIVER: "smtp"
    * MAIL_HOST: "smtp.mailtrap.io"
    * MAIL_PORT: "2525"
    * MAIL_USERNAME: "null"
    * MAIL_PASSWORD: "null"
    * MAIL_ENCRYPTION: "null"
    * PUSHER_APP_ID: ""
    * PUSHER_APP_KEY: ""
    * PUSHER_APP_SECRET: ""
    * PUSHER_APP_CLUSTER: "mt1"
    * SHELL_VERBOSITY: 0
    * Environment VariablesAPP_NAME: "Heimdall"
    * APP_ENV: "local"
    * APP_KEY: "base64:..."
    * APP_DEBUG: "true"
    * APP_LOG_LEVEL: "debug"
    * APP_URL: "http://localhost"
    * DB_CONNECTION: "sqlite"
    * DB_DATABASE: "app.sqlite"
    * BROADCAST_DRIVER: "log"
    * CACHE_DRIVER: "file"
    * SESSION_DRIVER: "file"
    * SESSION_LIFETIME: "120"
    * QUEUE_DRIVER: "database"
    * REDIS_HOST: "127.0.0.1"
    * REDIS_PASSWORD: "null"
    * REDIS_PORT: "6379"
    * MAIL_DRIVER: "smtp"
    * MAIL_HOST: "smtp.mailtrap.io"
    * MAIL_PORT: "2525"
    * MAIL_USERNAME: "null"
    * MAIL_PASSWORD: "null"
    * MAIL_ENCRYPTION: "null"
    * PUSHER_APP_ID: ""
    * PUSHER_APP_KEY: ""
    * PUSHER_APP_SECRET: ""
    * PUSHER_APP_CLUSTER: "mt1"
    * SHELL_VERBOSITY: 0
Registered Handlers
    * 0. Whoops\Handler\PrettyPageHandler

[javiercp]

I'm having the same error.

In my case I think it started when I installed the LinuxServer NextCloud container. After I enter NextCloud I can't access Heimdall.

[FritzJo]

Just got this error today. Iam using autologin as well, so this might be connected to the issue

[mycroes]

Same issue, without autologin. Running Traefik to access the docker container running Heimdall.

[ark-]

Same issue, no autologin. Accessing it directly using http://localhost:8228.

[coyt]

Running Heimdall in the unRAID docker container / app and having the same issue in Chrome. Clearing cookies in chrome temporarily fixes the issue. Haven't seen the issue at all when using EDGE as browser.

[phil-hudson]

+1

Symfony \ Component \ Debug \ Exception \ FatalThrowableError (E_ERROR)
Call to a member function setCookie() on null

Application frames (0) All frames (1)
0
Symfony
\Component
\Debug
\Exception
\FatalThrowableError
…
/vendor
/laravel
/framework
/src
/Illuminate
/Foundation
/Http
/Middleware
/VerifyCsrfToken.php
180
/var
/www
/localhost
/heimdall
/vendor
/laravel
/framework
/src
/Illuminate
/Foundation
/Http
/Middleware
/VerifyCsrfToken.php

[mladiucitelj]

Same error here!

Using Heimdall version 2.2.2. Error is showing up in Safari browser.

Clearing cookies help, but that is inconvenient.

[tgc12]

I keep getting the error. Is it any way to completely disabling cookies? I'm currently working with the auto-login url and it's working like a charm in incognito (which doesn't save cookies).

[coyt]

bump

[Denow]

Same issue since updating to 2.2.2. I am using autologin as well.

[Rami-Pastrami]

+1 I am unsure what causes this to occur, but clearing cookies gets rid of the the issue temporarily. I am using firefox and my site is behind a nginx reverse proxy

[jlficken]

I'm having this same issue behind a nginx reverse proxy.

I've tried all kinds of proxy settings to no avail. I was going to use this as a landing page on my personal website for my family but I just can't deal with having them clear cookies constantly so I'm just going to disable it for now.

Hopefully this gets fixed as I really like this app.

[mladiucitelj]

That's why I'm still on version 2.1.13. This one works. I gave up on updates for now.

[jlficken]

That's why I'm still on version 2.1.13. This one works. I gave up on updates for now.

Any chance you could help a newb out with a link for that version to install it on UnRAID?

[mladiucitelj]

I use dockerized version from here: https://www.synoforum.com/resources/heimdall-dashboard-for-all-your-web-applications.27/

Just download version 2.1.13 in Docker and set it up.

[jlficken]

Thanks! I'll see if I can get it figured out.

[Rami-Pastrami]

bumping since its still an issue

[beaverly72]

same issue

[TheOnlyYogo]

bump

[jlficken]

It appears that this app constantly breaking isn't a concern with the developers so I'm just going to uninstall it.

It would have been great to use it but it's no longer worth the hassle.

[d-rez]

I've stopped using it ages ago, unless someone makes a fork and fixes it themselves I don't think we're getting this back to a working shape

[TheOnlyYogo]

ok, i think I may have found a solution... it's not pretty, but my initial impression is that it works ... found it while playing with Organizr..

https://docs.organizr.app/books/troubleshooting/page/redirect-looping---samesite-errors

[customizeXF]

Same issue using latest version.

Any good alternative to Heimdall?

[paralllax]

bumping, having the same issue on the latest version, docker install. @customizeXF maybe organizr, iDashboard-php, BrowserStartpage, or muximux

Found an older version as suggested earlier, so far seems promising. Found here

docker pull linuxserver/heimdall:63e0d07d-ls12 docker run -d -v heimdall:/config --name=heimdall -e PUID=1000 -e PGID=1000 -p 10.10.10.6:80:80 -p 10.10.10.6:443:443 linuxserver/heimdall:63e0d07d-ls12

Wish I knew enough to issue a pull request :/ hopefully it gains some traction, would love to be on the latest release.

[duracell]

Same error here, but I don't want to use an old version, especially if it seems bug reports are not noticed. Maybe build it once, save it as static page or use another software is a better alternative.

[customizeXF]

I gave up on Heimdall cookie error. Using SUI now and it suits perfectly for my needs.

[paralllax]

So I talked to the developers on discord the other week, They're completely refactoring the code, and from what I understood, this bug along with most others should be fixed when it comes out. You can test it out, but a few key features are still missing. When I messed around with it, I confirmed, at-least in my case, the issue didn't seem to be there.

[systemofapwne]

So I talked to the developers on discord the other week, They're completely refactoring the code, and from what I understood, this bug along with most others should be fixed when it comes out. You can test it out, but a few key features are still missing. When I messed around with it, I confirmed, at-least in my case, the issue didn't seem to be there.

Hi. I am also facing this annoying issue. I wasn't able to find a specific branch for the reworked version. Do you have a link? I just figured, the issue is happening in the the laravel framework. Probably because of improperly calling verifyCsrfToken.php:addCookieToResponse()

[paralllax]

For sure, you can find it here. They're keeping the code there until it's ready for release. I've been out of the news so to speak for a while, so I am not certain what the status of things are. You can keep up with their projects here.

To run in docker:

docker run -d --name heimdalljs -p 3000:3000 -v path_to_config:/config -e PUID=$(PUID) -e PGID=$(PGID) -e TZ=America/New_York alexphillips/heimdalljs

As noted though, this hasn't been officially released and is still under active development (AFAIK). Depending on your use case you may be better off using an old version until the new one is complete.

[systemofapwne]

Thank you. I can now understand, why there is "soo less love" concerning this bug (and probably others), since the new development of heimdall refactored the code to nodejs. In terms of completeness: The repo for the prebuild container "alexphillips/heimdalljs" is available at https://github.com/alex-phillips/docker-heimdall

But as already stated before: Keep in mind, that this version is not yet finalized and certainly has missing features. But for me, it is working perfectly fine.

Edit: Even though I would prefere Heimdall, I now switched to Organizr instead, where I added a tab with the "old" Heimdall (basically for the search and none-homelab related but usefull links, available via no login at all - Lets see how this works out). The unfinished beta of heimdalljs was yet missing too much features and the current stable heimdall version is simply too unreliable for me with this cookie issue in the laravel framework. But I consider switching back once heimdalljs is polished :)

[weak-head]

Any updates on this one? It's pretty annoying bug and it keeps happening every other time.

[theboblopez]

This is still an issue now. Just installed heimdall for the first time and getting this. Any updates on when the js version should be ready? Otherwise I'll just find another solution.

[ErSauravAdhikari]

This issue is very annoying.

[gnius]

I'm also experiencing this issue. It essentially makes the piece of software unusable. Would love some guidance for troubleshooting it, if it exists.

[craxo]

This issue is why I never use heimdall, nor do I recommend it for my friends. I was way hyped when I first found heimdall with a clean way to navigate my hosted services.

[jlficken]

Just switch to Organizr V2. Heimdall is a lost cause and it will never be fixed.

[weak-head]

Same here. Dumped Heimdall with eyes full of tears of sorrow. Such a great product wasted and so many lost opportunities. This problem is almost 2 years old...

[ErSauravAdhikari]

It will not fix this error but, I do have a hack for this.

Create one User without any login Information, Then whenever the cookie set error comes, instead of showing such error page, this will just log us out. So we just have to log in. Although you may have to log in multiple times (Only happens when you system is freshly booted from restart or shut down) It works.

That's the way I do it. And I have been able to use this product.

[nathan40]

Have the same issue. Running it from a TrueNAS plugin.

[jlficken]

It's never going to get fixed. I'd suggest running something else.

I switched to Organzr V2.

On Thu, Sep 2, 2021 at 12:14 PM nathan40 @.***> wrote:

Have the same issue. Running it from a TrueNAS plugin.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/linuxserver/Heimdall/issues/379#issuecomment-911894902, or unsubscribe https://github.com/notifications/unsubscribe-auth/AIIVYE2G3WJSENVYT4X64RDT76WHLANCNFSM4H7NMSSQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

[Drallas]

2021 and this Bug is still going strong!

I have bookmarked heimdall/userselect to quickly login again..

[j0nnymoe]

@Drallas It's already been mentioned above that focus is on V3 of heimdall now.

[Drallas]

@Drallas It's already been mentioned above that focus is on V3 of heimdall now.

Yes I saw that, but unfortunately nothing on the Heimdall site news section. Most people still pull Latest on a handful v3.

Is V3 usable / Stable?

[j0nnymoe]

I believe the core functionality is there but lacking enhanced app's I believe currently.

[Drallas]

I believe the core functionality is there but lacking enhanced app's I believe currently.

I use the enhanced app's a lot, but will just pull an V3 to keep up with it's progress.

[xiaozhubin]

I'v found a temporary solution. Delete the Heimdall's cookie and refresh the website, it could solve the problem.

[KodeStar]

The underlying framework has been updated 3 major versions in 2.3.0, so would be interesting to see if this is still an issue. Or if someone could guide me to a way of reliably reproducing the issue.

[KodeStar]

This appears to be due to more than one app (heimdall being one of them) using a cookie called XSRF-TOKEN which is the default in laravel, so I updated it to be HEIMDALL-XSRF-TOKEN. It would only have affected people that had the apps running from the same domain I believe.

[tedcook94]

This is now happening me to as well on the latest version. I'm running it behind a Swag reverse proxy. Clearing cookies does resolve it temporarily, but it comes back after a few hours. This is across multiple devices.

I see the HEIMDALL-XSRF-TOKEN cookie @KodeStar mentioned adding, but the regular XSRF-TOKEN is still present as well and may be contributing to the issue.