Issue with security provider and browser cache

Wappler: 4.4.5
OS: MacOS
Server: PHP

An issue has arisen with a site I built last year and has been working fine until the last couple of weeks. I use Security Provider in the normal way. Now, when someone successfully logs in, it redirects to their account page but bounces them straight back to the login page. They are logged in, though. The only way I can get to view the account page is if I clear the browser cache (cached images and files - Chrome) and then I can view the account page fine.

So this is the process:

• Go to login page
• Enter correct username and password
• Redirect to account page
• Bounce straight back to login page
• Clear browser cache
• Navigate directly to the account page without needing to log in again (so already logged in)
• Successfully view account page

The only way to successfully log in after logging out is to clear the browser cache.

I’m at a loss as to what’s causing this.

Can anyone assist with this? At the moment no-one can log in because asking customers to clear their browser cache is not a solution. I’d be happy to private message a login so you can test it yourselves.

So actually your login is just not working? Maybe your cookie does not set correctly.

So check your cookie settings. What do you have as cookie settings?

Also what is the same site cookie settings? Strict or lax?

The login works perfectly after clearing the browser cache. And I can return days later and still be logged in. The issue is if I log out and then try to log in again, it passes the security but bounces me back to the login page. If I then clear the cache, it lets me go to the account page without needing to log in again.

Cookie options are:

Screenshot 2021-12-18 at 10.58.41814×366 7.29 KB

Might be related to the same site cookie settings try inspecting the cookies in the dev tools to see what is going on.

It doesn’t look like a cookies issue and when I clear the browser cache, I’m only clearing the images and files, not the cookies. And if I manually delete the cookies it doesn’t fix it.

Screenshot 2021-12-18 at 11.05.132562×132 28.7 KB

This has been working fine for months and only started causing an issue in the last few weeks.

Try setting the secure on when using same site none:

• Cookies with SameSite=None must now also specify the Secure attribute (they require a secure context/HTTPS).

I’ve made those changes but it’s not made any difference.

Try to set the cookie settings with same site none, secure and also expire other than 30 days

No difference I’m afraid:

Screenshot 2021-12-18 at 12.12.28800×366 13.8 KB

I don’t think it’s the cookie. The cookie works perfectly when I clear the browser cache of just files and images and I don’t need to log in again.

How do you do the redirect them?

I have a flow on success of the login api:

It enables me to redirect to the page they were on prior to logging in.

Has this issue been resolved? My site is experiencing the same issue since the same update and still not fixed in 4.5.2.

Yep, I believe it was fixed in the last couple of versions. Provider.php was the script which needed changing. Are you on PHP?

I am on PHP but the latest version hasn’t resolved my issue. More specifically, my site implements the security provider and was working fine last year. I think the latest version I had been using prior to the problem was 4.4.5. When I updated to 4.5.1, the login procedure broke - and 4.5.2 didn’t correct the issue. When I use Google Chrome developer’s pane to view the problem, I only see that the security provider kicks a 500 error… but no other information. I apologize if my response isn’t insightful. I’m more than happy to provide more specifics if desired. Thank you for your feedback, suggestions, etc.

That sounds like a different issue. I had the login working successfully but the redirect was failing due to caching on the server. They introduced a fix to clear the cache.

I think you are absolutely correct. I was hoping that is was “related”. Thank you again!

Please check: