@sgiehl opened this Pull Request on February 20th 2020 Member

Sending the cookie path encoded seems to let the browser discard the path value as invalid and use the current path instead. This causes two session cookies, one with current path, one with /. When logging out only of the cookies gets a new session id, the other one remains. That makes it impossible to login again until the cookies are cleared (or expire).

This Pull Request was closed on February 22nd 2020
Powered by GitHub Issue Mirror