[GH-ISSUE #854] Forwarding login cookie to Calibre Webserver #722

New issue

Closed

opened 2026-02-26 06:34:08 +03:00 by kerem · 9 comments

kerem commented 2026-02-26 06:34:08 +03:00

Owner

Copy link

Originally created by @jebr on GitHub (Feb 1, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/854

Checklist

• Please read the setup instructions

• Please read the FAQ

What is troubling you?
I am having problems sending a login cookie trough the proxy manager. I use the calibre-web application and it is automatically logged out after logging in. According to the developer, this has to do with the login cookie not being properly forwarded to the web server. I have performed the suggested actions but they are not having the desired effect. I have already tried ato pass extra values to the proxy manager, but nothing seems to work. When I access the web server locally, I do stay logged in.

Do you have any idea how I can fix this problem?

Originally created by @jebr on GitHub (Feb 1, 2021). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/854 **Checklist** - [x] Please read the [setup instructions](https://nginxproxymanager.com/setup/) - [x] Please read the [FAQ](https://nginxproxymanager.com/faq/) **What is troubling you?** I am having problems sending a login cookie trough the proxy manager. I use the [calibre-web](https://github.com/janeczku/calibre-web) application and it is automatically logged out after logging in. According to the developer, this has to do with the login cookie not being properly forwarded to the web server. I have performed the suggested actions but they are not having the desired effect. I have already tried ato pass extra values to the proxy manager, but [nothing ](https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy) seems to work. When I access the web server locally, I do stay logged in. Do you have any idea how I can fix this problem?

kerem 2026-02-26 06:34:08 +03:00

• closed this issue
• added the
  product-support
  label

kerem commented 2026-02-26 06:34:08 +03:00

Author

Owner

Copy link

@petkin700 commented on GitHub (Feb 1, 2021):

Is your cookie set for correct domain which is terminated on npm?

<!-- gh-comment-id:771140140 --> @petkin700 commented on GitHub (Feb 1, 2021): Is your cookie set for correct domain which is terminated on npm?

kerem commented 2026-02-26 06:34:08 +03:00

Author

Owner

Copy link

@jebr commented on GitHub (Feb 1, 2021):

Thanks for your quick response. As I can see now it seems that the right domain is associated with the cookie. I have added an image of the data from my browser.

<!-- gh-comment-id:771144429 --> @jebr commented on GitHub (Feb 1, 2021): Thanks for your quick response. As I can see now it seems that the right domain is associated with the cookie. I have added an image of the data from my browser. 

kerem commented 2026-02-26 06:34:08 +03:00

Author

Owner

Copy link

@petkin700 commented on GitHub (Feb 2, 2021):

Hi jebr,

today I bring up the calibre-web from this docker image in my home lab and could not reproduce your issue with authentication when it resides behind npm

<!-- gh-comment-id:771581736 --> @petkin700 commented on GitHub (Feb 2, 2021): Hi jebr, today I bring up the calibre-web from this [docker image](https://hub.docker.com/r/linuxserver/calibre-web) in my home lab and could not reproduce your issue with authentication when it resides behind npm <img width="1477" alt="Screen Shot 2021-02-02 at 1 45 19 PM" src="https://user-images.githubusercontent.com/30834618/106596211-5c4f5900-655d-11eb-84b8-d66bb54fa146.png">

kerem commented 2026-02-26 06:34:08 +03:00

Author

Owner

Copy link

@jebr commented on GitHub (Feb 2, 2021):

Thank you very much for testing calibre-web. After your message I checked what kind of traffic is still running between npm and the application.
In the browser I get the following message:
Cookie “remember_token” has been rejected because it is already expired.

I am using Cloudflare (proxy) -> npm -> calibre-web. I have now set the connection to DNS-only in Cloudflare and that seems to solve the problem, I am no longer logged out.

The strange thing is that I use multiple applications behind npm that continue to work when Cloudflare is on proxy. Do you know if I can keep Cloudflare on DNS-only without any problems?

<!-- gh-comment-id:771617811 --> @jebr commented on GitHub (Feb 2, 2021): Thank you very much for testing calibre-web. After your message I checked what kind of traffic is still running between npm and the application. In the browser I get the following message: Cookie “remember_token” has been rejected because it is already expired. I am using Cloudflare (proxy) -> npm -> calibre-web. I have now set the connection to DNS-only in Cloudflare and that seems to solve the problem, I am no longer logged out. The strange thing is that I use multiple applications behind npm that continue to work when Cloudflare is on proxy. Do you know if I can keep Cloudflare on DNS-only without any problems? 

kerem commented 2026-02-26 06:34:08 +03:00

Author

Owner

Copy link

@petkin700 commented on GitHub (Feb 2, 2021):

you could use DNS only, but it's make really a small of sense, because:

1. you expose your real IPs to the world
2. you loose most benefits of cloudflare protection

tomorrow i'll try to reproduce your setup with my cloudflare account and already deployed calibre-web )))

<!-- gh-comment-id:771891873 --> @petkin700 commented on GitHub (Feb 2, 2021): you could use DNS only, but it's make really a small of sense, because: 1. you expose your real IPs to the world 2. you loose most benefits of cloudflare protection tomorrow i'll try to reproduce your setup with my cloudflare account and already deployed calibre-web )))

kerem commented 2026-02-26 06:34:08 +03:00

Author

Owner

Copy link

@petkin700 commented on GitHub (Feb 2, 2021):

ok tomorrow is comes )))
I try to use cloudflare, and also couldn't reproduce your cookie problem, so i think it's cloudflare protection play with you and calibre, try to read cloudflare doc's and may be turn protection level not so hard for begining

<!-- gh-comment-id:771928993 --> @petkin700 commented on GitHub (Feb 2, 2021): ok tomorrow is comes ))) I try to use cloudflare, and also couldn't reproduce your cookie problem, so i think it's cloudflare protection play with you and calibre, try to read cloudflare doc's and may be turn protection level not so hard for begining

kerem commented 2026-02-26 06:34:08 +03:00

Author

Owner

Copy link

@jebr commented on GitHub (Feb 2, 2021):

Thanks for the quick testing. Very strange that this occurs. I will remove the domain from Cloudflare and recreate it, maybe that will help.

<!-- gh-comment-id:771930598 --> @jebr commented on GitHub (Feb 2, 2021): Thanks for the quick testing. Very strange that this occurs. I will remove the domain from Cloudflare and recreate it, maybe that will help.

kerem commented 2026-02-26 06:34:08 +03:00

Author

Owner

Copy link

@jebr commented on GitHub (Feb 3, 2021):

It was indeed Cloudflare. After deleting the account and waiting for a few hours, I re-added the accounts. Now the page works fine, but after a few minutes and some clicking back and forth I get logged out again. I will contact Cloudflare to find out what is causing this.

The problem is in the Samesite cookies, unfortunately I have no idea what this means, I will read more about it.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite

<!-- gh-comment-id:772451836 --> @jebr commented on GitHub (Feb 3, 2021): It was indeed Cloudflare. After deleting the account and waiting for a few hours, I re-added the accounts. Now the page works fine, but after a few minutes and some clicking back and forth I get logged out again. I will contact Cloudflare to find out what is causing this. The problem is in the Samesite cookies, unfortunately I have no idea what this means, I will read more about it. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite 

kerem commented 2026-02-26 06:34:08 +03:00

Author

Owner

Copy link

@jebr commented on GitHub (Feb 4, 2021):

You can close the issue from me. Unfortunately I am not getting it resolved for calibre-web. It has something to do with the forwarding and storage of cookie data (Samesite = ...). It also has something to do with the way calibre-web handles the login mechanism. This is the only container where I have problems logging in / staying logged in.

I want to thank you very much for your good support!

<!-- gh-comment-id:773570885 --> @jebr commented on GitHub (Feb 4, 2021): You can close the issue from me. Unfortunately I am not getting it resolved for calibre-web. It has something to do with the forwarding and storage of cookie data (Samesite = ...). It also has something to do with the way calibre-web handles the login mechanism. This is the only container where I have problems logging in / staying logged in. I want to thank you very much for your good support!

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#722

No description provided.