[BUG] Cookie settings don't take effect

[szerencl]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

I tried enabling HttpOnly and Secure cookies in php-local.ini, but when opening the site in my browser and checking the cookies it shows the following:

php-local.ini

session.cookie_secure = 1
session.cookie_httponly = 1
session.cookie_samesite = None

phpinfo() shows the settings taking effect:

Directive | Local Value | Master Value
session.cookie_httponly | On | On
session.cookie_samesite | no value | no value
session.cookie_secure | On | On

Because of this I also tried changing /config/nginx/site-confs/default.conf by adding the following:

    location / {
        # ...
        proxy_cookie_path / "/; secure; HttpOnly; SameSite=none";
        proxy_cookie_flags ~ secure samesite=none;
        # ...
    }

But to no avail.

Expected Behavior

Setting the following in php-local.ini should change the behaviour observed in the browser.

session.cookie_secure = 1
session.cookie_httponly = 1
session.cookie_samesite = None

Steps To Reproduce

1. Add the following to php-local.ini:

session.cookie_secure = 1
session.cookie_httponly = 1
session.cookie_samesite = None

2. Restart container
3. Open Grocy in the browser
4. Login
5. Open developer console
6. Check session cookie

Environment

- OS: Raspbian Bookworm
- How docker service was installed: apt install

CPU architecture

arm64

Docker creation

---
version: "2.4"
services:
  grocy:
    image: lscr.io/linuxserver/grocy:latest
    container_name: grocy
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Budapest
    volumes:
      - grocy/config:/config
    ports:
      - 9283:80
    restart: unless-stopped

Container logs

[migrations] started
[migrations] 01-nginx-site-confs-default: skipped
[migrations] 02-default-location: skipped
[migrations] done
usermod: no changes
───────────────────────────────────────

      ██╗     ███████╗██╗ ██████╗
      ██║     ██╔════╝██║██╔═══██╗
      ██║     ███████╗██║██║   ██║
      ██║     ╚════██║██║██║   ██║
      ███████╗███████║██║╚██████╔╝
      ╚══════╝╚══════╝╚═╝ ╚═════╝

   Brought to you by linuxserver.io
───────────────────────────────────────

To support LSIO projects visit:
https://www.linuxserver.io/donate/

───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID:    1000
User GID:    1000
───────────────────────────────────────

using keys found in /config/keys
**** The following active confs have different version dates than the samples that are shipped. ****
**** This may be due to user customization or an update to the samples. ****
**** You should compare the following files to the samples in the same folder and update them. ****
**** Use the link at the top of the file to view the changelog. ****
┌────────────┬────────────┬────────────────────────────────────────────────────────────────────────┐
│  old date  │  new date  │ path                                                                   │
├────────────┼────────────┼────────────────────────────────────────────────────────────────────────┤
│ 2023-04-13 │ 2024-03-06 │ /config/nginx/site-confs/default.conf                                  │
└────────────┴────────────┴────────────────────────────────────────────────────────────────────────┘
[custom-init] No custom files found, skipping...
[ls.io-init] done.

[github-actions]

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

[LinuxServer-CI]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

[github-actions]

This issue is locked due to inactivity