Conversation
|
|
||
| if ($authenticator !== null && !$authenticator instanceof StatelessInterface) { | ||
| assert($result->getData() !== null); | ||
| $service->persistIdentity($request, new Response(), $result->getData()); |
There was a problem hiding this comment.
You are ignoring the return value of persistIdentity(). When CookieAuthenticator is used the return value will contain the updated response instance with the header set for the cookie. So with your patch the cookie will never be set on the client.
There was a problem hiding this comment.
Nor you can return the response instance at this point as returning a response from the middleware will short circuit the response handling by the framework.
There was a problem hiding this comment.
OK, how can we fix this up to adhere to that?
There was a problem hiding this comment.
There's nothing that can be done here. PSR-15's middleware implementation doesn't support passing an updated response instance down the queue, it can only pass down the request.
2 participants
This seems to resolve #701
But I am not sure if thats the correct approach.
Either way, the rest of the stack must only be gone through once the persisting has happened again, otherwise the following code can be in a 5xx state.