[GH-ISSUE #1112] OAUTH2 authorization callback issue with some session types #576

New issue

Closed

opened 2026-02-25 21:35:24 +03:00 by kerem · 1 comment

kerem commented 2026-02-25 21:35:24 +03:00

Owner

Copy link

Originally created by @Yannick243 on GitHub (Jul 6, 2024).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/1112

Originally assigned to: @Yannick243 on GitHub.

When handling the authorization callback from OAuth2 flows like GitHub, the user is being logged out if they have configured the SESSION_TYPE environment variable to something other than the default PHP (e.g., using DB). This forces the user to log in again.

This issue is the continuation of https://github.com/cypht-org/cypht/pull/1021 and https://github.com/cypht-org/cypht/pull/1086. We found that the SameSite option for the hm_session cookie remains set to Strict instead of Lax when using a different SESSION_TYPE.

Originally created by @Yannick243 on GitHub (Jul 6, 2024). Original GitHub issue: https://github.com/cypht-org/cypht/issues/1112 Originally assigned to: @Yannick243 on GitHub. When handling the authorization callback from OAuth2 flows like GitHub, the user is being logged out if they have configured the `SESSION_TYPE` environment variable to something other than the default `PHP` (e.g., using `DB`). This forces the user to log in again. This issue is the continuation of [https://github.com/cypht-org/cypht/pull/1021](https://github.com/cypht-org/cypht/pull/1021) and [https://github.com/cypht-org/cypht/pull/1086](https://github.com/cypht-org/cypht/pull/1086). We found that the `SameSite` option for the `hm_session` cookie remains set to `Strict` instead of `Lax` when using a different SESSION_TYPE.

kerem closed this issue 2026-02-25 21:35:24 +03:00

kerem commented 2026-02-25 21:35:24 +03:00

Author

Owner

Copy link

@Yannick243 commented on GitHub (Jul 26, 2024):

@josaphatim
This can be closed as it has been resolved

<!-- gh-comment-id:2252583164 --> @Yannick243 commented on GitHub (Jul 26, 2024): @josaphatim This can be closed as it has been resolved

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

2.x

mta-sts-implementation

feat-compose-backspace-delete-recipients

release-2.5.1

add-tls3-support

1.4.x

enforce-coverage

release-2.4.2

strip_dns_prefetch_tags

fix_nightly_build

pr-title-validation-update

review-sent-email

revert-1339-fixed-tags-display

revert-1061-rem-cram-md5

sys-messages-revamp

revert-685-fixed-str-pos-warning-when-no-to

revert-590-empty-settings

release-1.3.0

revert-471-draft-add-warning

revert-454-feature/server-list-by-uniqid

php7.4-support

release-1.2.0

remove-mobile-media-queries

release-1.1.0

release-1.0.0

v2.7.0

v2.6.0

v2.5.1

v2.5.0

v1.4.7

v2.4.2

v2.4.1

v1.4.6

v1.4.5

v2.4.0

v2.3.0

v2.2.0

v1.4.4

v2.1.0

v2.0.1

v1.4.3

v2.0.0

v1.4.2

v1.4.1

v1.4.0

v1.3.0

v1.3.0-rc3

v1.3.0-rc2

v1.3.0-rc1

v1.1.0

v1.1.0-rc4

v1.1.0-rc3

v1.1.0-rc2

v1.1.0-rc1

v1.0.0

v1.0.0-rc8

v1.0.0-rc7

v1.0.0-rc6

v1.0.0-rc5

v1.0.0-rc4

v1.0.0-rc3

v1.0.0-rc2

v1.0.0-rc1

Labels

Clear labels   

2fa

  

I18N

  

PGP

  

Security

  

Security

  

account

  

advanced_search

  

advanced_search

  

announcement

  

api_login

  

authentication

  

awaiting feedback

  

blocker

  

bug

  

bug

  

bug

  

calendar

  

config

  

contacts

  

core

  

core

  

devops

  

docker

  

docs

  

duplicate

  

dynamic_login

  

enhancement

  

epic

  

feature

  

feeds

  

framework

  

github

  

github

  

gmail_contacts

  

good first issue

  

help wanted

  

history

  

history

  

imap

  

imap_folders

  

inline_message

  

installation

  

keyboard_shortcuts

  

keyboard_shortcuts

  

ldap_contacts

  

mobile

  

need-ssh-access

  

new module set

  

nux

  

pop3

  

profiles

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

refactor

  

release

  

research

  

saved_searches

  

smtp

  

strategic

  

tags

  

tests

  

themes

  

website

  

wordpress

No labels

2fa

I18N

PGP

Security

Security

account

advanced_search

advanced_search

announcement

api_login

authentication

awaiting feedback

blocker

bug

bug

bug

calendar

config

contacts

core

core

devops

docker

docs

duplicate

dynamic_login

enhancement

epic

feature

feeds

framework

github

github

gmail_contacts

good first issue

help wanted

history

history

imap

imap_folders

inline_message

installation

keyboard_shortcuts

keyboard_shortcuts

ldap_contacts

mobile

need-ssh-access

new module set

nux

pop3

profiles

pull-request

question

refactor

release

research

saved_searches

smtp

strategic

tags

tests

themes

website

wordpress

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/cypht#576

No description provided.