For certain users, an excessive number of "Set-Cookie: apbct_admin_logged_in=...." headers are being sent causing varnish to choke and return a 503 Backend fetch failed error when trying to log in.
This is difficult to reproduce due to the need to bypass varnish. I was able to do so by using "drush uli" to generate a login link for the user and then using curl to retrieve that page into a file using the internal IP address of the server. In my case, there were 120 duplicate Set-Cookie headers in the resulting file.
In sites that don't use varnish, it may be a simple matter of using browser developer tools to review the response from the server when logging in. However, developer tools may consolidate duplicate cookies into one so it may still be necessary to use curl to see the raw data returned by the server.
Cookies are set in apbct_setcookie() in CleantalkFuncs.php. I propose that this method be modified to keep track of all cookies that are set and return without setting a cookie that has already been set previously (with the same value). I am attaching a patch that accomplishes this.
Alternatively, it might be a good idea to determine why so many cookies are being set in the first place and determine if there is a different fix needed to prevent this.
Active
9.6
Code
Hello,
Thanks for the detailed report. I’ve passed the information along to the team for further review.
Best regards,
Hello,
We will contact you within 3 business days.
Please wait.
Hello,
Thanks for the detailed bug report and patch! We’ve added it to the codebase with some slight modifications.
Much appreciated!