10000 🐛 Bug Report: Session Doesn't Persist on Flutter Web · Issue #5645 · appwrite/appwrite · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

🐛 Bug Report: Session Doesn't Persist on Flutter Web #5645

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
2 tasks done
teneon opened this issue Jun 3, 2023 · 6 comments
Closed
2 tasks done

🐛 Bug Report: Session Doesn't Persist on Flutter Web #5645

teneon opened this issue Jun 3, 2023 · 6 comments
Assignees
@joeyouss
Labels
bug Something isn't working product / auth Fixes and upgrades for the Appwrite Auth / Users / Teams services.

Comments

@teneon
Copy link
teneon commented Jun 3, 2023

👟 Reproduction steps

Hi,

i am using Flutter SDK

I have email/pass authentication added, so i can login, logout etc. Everything works fine on Android emulator, but when i start the project in Web (Chrome) there is an issue.

  1. When app starts it points me to the LoginScreen
  2. Open developer tools in Chrome and check for errors. There are none for now.
  3. I login with correct credential and i am routed (go_router) to HomeScreen
  4. Now two errors occur:
    1st error: Indicate whether a cookie is intended to be set in a cross-site context by specifying its SameSite attribute
    2nd error: Mark cross-site cookies as Secure to allow setting them in cross-site contexts

best regards,
Jim

👍 Expected behavior

I was searching issues and also docs on AppWrite, but i could not find a solution for this issue. Perhaps it is something simple that is either not yet well documented or i couldn't find it.

👎 Actual Behavior

On android emulator, i can restart the app (or even stop it and re-run it) and i get right back into HomeScreen as expected since i was already logged in and session is persistent as it should be.

But when i start the project on web device (chrome), then session is not
persistent. It always positions me at the LoginScreen when i stop and re-run the project (even though i am logged in). I guess it is not persistent, because of the cookie issues i have described above?

🎲 Appwrite version

Version 1.3.x

💻 Operating system

Linux

🧱 Your Environment

appwrite: ^9.0.0
appwrite console is version 1.3.3 ,locally installed while in development (later will be cloud)

👀 Have you spent some time to check if this issue has been raised before?

  • I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?
@teneon teneon added the bug Something isn't working label Jun 3, 2023
@Haimantika
Copy link
Contributor

Thanks for bringing this up @teneon . @gewenyu99 can you look into this?

@gewenyu99
Copy link
Contributor
gewenyu99 commented Jun 15, 2023
edited
Loading

@lohanidamodar Any idea?

Regardless, this probably has to do with localhost and Effect on customer websites and Microsoft services and products in Chrome version 80 or later.

We fall back to local storage in this case, and it should still work on localhost, there might be something weird with how the browser handles these cookies, like if you've disabled them or if you're using incognito.

I think you won't run into this issue outside of localhost development.

@joeyouss joeyouss self-assigned this Jun 19, 2023
@lohanidamodar
Copy link
Member

@teneon can you share the code? Some issue might occur if you are accessing appwrite server over https://localhost and Flutter web app is running over http://localhost. If that's the case ,set the appwrite endpoint also using http://localhost.

Also check localStorage to see if fallbackCookie is set or not. Please provide more details so that we can help

@stnguyen90 stnguyen90 added the product / auth Fixes and upgrades for the Appwrite Auth / Users / Teams services. label Jun 20, 2023
@stnguyen90 stnguyen90 changed the title 🐛 Bug Report: 🐛 Bug Report: Session Doesn't Persist on Flutter Web Jun 20, 2023
@teneon
Copy link
Author
teneon commented Jun 23, 2023

I was further testing this issue today. It turns out that the problem is when you launch Chrome (web device) via VSCode it always starts on a new port. So i tested it by specifying fixed port like this via CLI:
flutter run -d chrome --web-port 8000

And now the peristence works. Even if i close Chrome, restart it i am still logged in as expected. So i guess the problem i experienced is just that you have to use fixed port.

However those error messages in Chrome devel tools (under issues) still remain while i am testing this locally:

Indicate whether a cookie is intended to be set in a cross-site context by specifying its SameSite attribute
Because a cookie’s SameSite attribute was not set or is invalid, it defaults to SameSite=Lax, which prevents the cookie from being set in a cross-site context. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery.
Resolve this issue by updating the attributes of the cookie:
Specify SameSite=None and Secure if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the Secure attribute.
Specify SameSite=Strict or SameSite=Lax if the cookie should not be set by cross-site requests.

I will test this on your cloud soon, wh 8000 ere as someone said problem should not occur.

Best regards!

@gewenyu99
Copy link
Contributor

I was further testing this issue today. It turns out that the problem is when you launch Chrome (web device) via VSCode it always starts on a new port. So i tested it by specifying fixed port like this via CLI: flutter run -d chrome --web-port 8000

And now the peristence works. Even if i close Chrome, restart it i am still logged in as expected. So i guess the problem i experienced is just that you have to use fixed port.

However those error messages in Chrome devel tools (under issues) still remain while i am testing this locally:

Indicate whether a cookie is intended to be set in a cross-site context by specifying its SameSite attribute Because a cookie’s SameSite attribute was not set or is invalid, it defaults to SameSite=Lax, which prevents the cookie from being set in a cross-site context. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery. Resolve this issue by updating the attributes of the cookie: Specify SameSite=None and Secure if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the Secure attribute. Specify SameSite=Strict or SameSite=Lax if the cookie should not be set by cross-site requests.

I will test this on your cloud soon, where as someone said problem should not occur.

Best regards!
Yeah this makes sense... We could add this to the self-hosting docs, but the experience is going to be poor regardless because of how Chrome handles cookies for localhost.

Anyway, glad you figured it out.

@stnguyen90 stnguyen90 mentioned this issue Jul 22, 2023
Merged
This was referenced Jul 25, 2023
Closed
Closed
Closed
Closed
@joeyouss
Copy link

I am closing this issue since it is now fixed.

@github-actions github-actions bot mentioned this issue Aug 1, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@joeyouss joeyouss

Labels
bug Something isn't working product / auth Fixes and upgrades for the Appwrite Auth / Users / Teams services.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@stnguyen90 @lohanidamodar @teneon @gewenyu99 @Haimantika @joeyouss
0