View Issue Details

IDProjectCategoryView StatusLast Update
0001976XdebugStep Debuggingpublic2021-10-04 09:32
Reporterjohnwc Assigned Toderick  
PrioritynormalSeverityfeatureReproducibilityalways
Status closedResolutionfixed 
Platformx64OSWindowsOS Version10
Product Version3.0.4 
Target Version3.1devFixed in Version3.1.0 
Summary0001976: Switch debug session cookie to Lax, and remove expiry time
Description

Can we have a option for sameSite, so that we can set it to lax or something that the dev needs it to be for the project at hand?
We have an issue with it being set as strict in our project. When doing a oAuth flow for login, the cookie does not get applied on the initial transfer back to our site after a login. The browser states that it ignored the cookie, because the source post was not from the same site. So we can not debug the first login page request with the oAuth info. This initial post back to the site lets us know if there was a problem with the login, apply tokens, etc...

Can we also have an option that allows us to set the timeout for the cookie?
Currently when debugging a long workflow, and not closing down the debug session in the IDE, the 1 hour limit kills the debug session and we must restart it.

Sorry if these are already options, and I am just not finding them.

TagsNo tags attached.
Operating SystemWindows 10
PHP Version7.4.10-7.4.19

Activities

johnwc

2021-05-19 16:51

reporter   ~0005882

I am using Visual Studio 2019 v.16.9.5, PHP Tools for Visual Studio v.1.52.13352.2019, and Edge v.90.0.818.62

exussum

2021-06-14 11:29

reporter   ~0005902

You could do one of the following
set the cookie manually in browser or PHP. Then you choose the time and same site policy, as long as you dont have xdebug_start_session in GET / POST/ ENV it wont be overwritten

or set to start on every request
https://xdebug.org/docs/step_debug#start_with_request

then you don't need the cookie

johnwc

2021-06-14 16:17

reporter   ~0005904

This is a feature request...

I didn't realize this was a forum... We're not looking for a hack workaround to add to code that is used only in development...

derick

2021-06-16 18:59

administrator   ~0005906

This is not a forum, indeed.

Is there actually a reason to have the "strict" cookies, and can Xdebug get away with just using "lax"?
Similarly, does it make sense that there is a limit of an hour for the cookie anyway?

The reason why I'm asking is, that I prefer as few settings as possible, so if I can get away with not adding settings, and just changing things, that I'd find preferable.

cheers,
Derick

johnwc

2021-06-16 23:25

reporter   ~0005907

I don't see any reason why lax would not work as the default. Most likely being apart of development environment anyway, it's probably best for it to be lax to allow greater flexablity.

I think it would also be completely fine to have the cookie be set to expire on browser close.

derick

2021-07-19 07:51

administrator   ~0005930

I've just merged a fix that switched the cookie to Lax, and removes the hour expiry time: https://github.com/xdebug/xdebug/pull/760

Would you be able to test the latest Xdebug from GitHub to see if this addresses your issue?

derick

2021-07-22 11:04

administrator   ~0005933

Ping? :-)

johnwc

2021-07-23 17:31

reporter   ~0005937

Sorry, I've been out of town for a while. I will test it out this weekend.

johnwc

2021-07-23 17:34

reporter   ~0005938

Do you have a pipeline that builds nightly or PRs, so I can just download an already built beta build? Or do I need to pull down from git and build it myself?

derick

2021-07-25 18:14

administrator   ~0005939

You can get the binaries from the PR builds. If you click on the right configuration at https://ci.appveyor.com/project/derickr/xdebug/builds/40035499, there is a "Artifacts" tab that should have the DLL for you. If you don't know which one to pick, show me the top section of your phpinfo() output.

johnwc

2021-07-26 07:21

reporter   ~0005940

Seems to be working great! Thank you!

derick

2021-07-26 14:22

administrator   ~0005941

Thanks for confirming!

Issue History

Date Modified Username Field Change
2021-05-19 16:48 johnwc New Issue
2021-05-19 16:51 johnwc Note Added: 0005882
2021-06-14 11:29 exussum Note Added: 0005902
2021-06-14 16:17 johnwc Note Added: 0005904
2021-06-16 18:59 derick Assigned To => derick
2021-06-16 18:59 derick Status new => feedback
2021-06-16 18:59 derick Note Added: 0005906
2021-06-16 23:25 johnwc Note Added: 0005907
2021-06-16 23:25 johnwc Status feedback => assigned
2021-06-30 11:29 derick Target Version => 3.1dev
2021-07-16 17:07 derick Summary XDEBUG_SESSION sameSite/expire setting => Switch debug session cookie to Lax, and remove expiry time
2021-07-19 07:51 derick Status assigned => feedback
2021-07-19 07:51 derick Note Added: 0005930
2021-07-22 11:04 derick Note Added: 0005933
2021-07-23 17:31 johnwc Note Added: 0005937
2021-07-23 17:31 johnwc Status feedback => assigned
2021-07-23 17:34 johnwc Note Added: 0005938
2021-07-25 18:14 derick Note Added: 0005939
2021-07-25 18:15 derick Status assigned => feedback
2021-07-26 07:21 johnwc Note Added: 0005940
2021-07-26 07:21 johnwc Status feedback => assigned
2021-07-26 14:22 derick Status assigned => closed
2021-07-26 14:22 derick Resolution open => fixed
2021-07-26 14:22 derick Fixed in Version => 3.1dev
2021-07-26 14:22 derick Note Added: 0005941
2021-09-05 16:15 derick Fixed in Version 3.1dev => 3.1.0beta1
2021-10-04 09:32 derick Fixed in Version 3.1.0beta1 => 3.1.0