-
Above are my configurations for 2 virtual hosts. The SPA application, named bui.example.work, worked well; I can see auth information in the debug log of the Apache console. But the other one cannot get the valid user from the shared cookie, which is based on the same OIDCCookieDomain example.work (if my understanding is correct). Below is the Apache log when I try to access the backend API via the mod_auth_openidc configuration.
-
start by defining the shared config settings (i.e. the
-
Hi @zandbelt, thanks for the help. I have changed my configurations based on your suggestions, but it still does not work well. Below are my new configurations; please help me check them.
-
move all of the OIDC* primitives up, move all of the SSL* primitives and LogLevel up...; then most importantly, define
-
Hi @zandbelt, thanks again, but it still does not work. Below are the configurations and logs.
-
that is all good, so if the log on the server then still says:
then something "in between" the browser and your backend is removing the session cookie, perhaps a WAF or CDN
-
Is it possible that this issue is caused by a coding error in mod_auth_openidc? Maybe when getting the cookie from the context in this case, it goes missing, or an incorrect domain is used so that the cookie cannot be retrieved.
-
Hi @zandbelt, my work is still stuck on this issue. I have rechecked those things over and over, and I found only one log record at warning level; see the screenshot below. Can that make the session cookie go missing when trying to access the backend API? Another question: I have read some reference documents related to cookies. The default SameSite configuration is None in the mod_auth_openidc module; based on the RFC docs, will those cookies be sent back automatically, or do I need to explicitly send them back manually from the SPA side?