Problem about apache httpd Header Set-Cookie and bitwarden web-v2023.5.0 release #812

Closed
opened 2025-10-09 16:52:32 +03:00 by OVERLORD · 0 comments

Originally created by @ecesarini on GitHub.

Subject of the issue

Hi,
Upgrading to bitwarden web-v2023.5.0 I'm facing a problem that is difficult to debug (environment details are in the support string below).
I'm used to setting a cookie in the client via Apache config files:

```apache
Header append Set-Cookie "XXXXXMail=%{uid}e; path=/; Secure; Max-Age=3600; SameSite=none; Secure"
```

This Apache env variable is populated by a pre-authentication action (e.g. via Shibboleth). In the code above, %{uid}e serves as an example only. The same behaviour is obtained using the variable %{mail}e, and the cookie that gets set becomes null.
With web-v2023.4.0 or web-v2023.4.2 the process has always worked fine. Starting from the web-v2023.5.0 update, the cookie is nullified a few moments after the page is loaded.
My CookieMail cookie in the browser is (null) when the service is loaded, but the browser gets the right cookie back if I reload the page.
I'm trying to understand whether this behaviour could depend on vaultwarden/server, but I'm not sure, so forgive me if opening this issue sounds inconvenient.

Deployment environment

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.28.1-adf67a8e
  • Web-vault version: v2023.5.0
  • OS/Arch: linux/x86_64
  • Running within Docker: true (Base: Debian)
  • Environment settings overridden: false
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Browser/Server Time Check: true
  • Server/NTP Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: MySQL
  • Database version: 10.6.4-MariaDB-1:10.6.4+maria~focal
  • Clients used:
  • Reverse proxy and version:
  • Other relevant information:

Config (Generated via diagnostics page)


Environment settings which are overridden:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_smtp_img_src": "cid:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 100,
  "database_timeout": 30,
  "database_url": "*****://**********************************************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://********************",
  "domain_origin": "*****://********************",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "vault-test",
  "invitations_allowed": false,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Debug",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": true,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": true,
  "signups_domains_whitelist": "************",
  "signups_verify": true,
  "signups_verify_resend_limit": 0,
  "signups_verify_resend_time": 60,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "*********************",
  "smtp_from_name": "XXXXXXX",
  "smtp_host": "******************",
  "smtp_password": null,
  "smtp_port": 25,
  "smtp_security": "off",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": null,
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Troubleshooting data

In the attached images there is a comparison.
expected: web-vault-2023.4.0 vs issue: web-vault-2023.5.0

![web-vault-2023.4.0](https://github.com/dani-garcia/vaultwarden/assets/73652902/2d2eb270-6641-448f-9323-9b429d1c3303)
![web-vault-2023.5.0](https://github.com/dani-garcia/vaultwarden/assets/73652902/1ecfb761-b14b-4548-987b-743dde9ade54)
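The `(null)` value the reporter sees is the literal string mod_headers substitutes for `%{VARNAME}e` when that variable is absent from the request environment, so any response that did not pass through the pre-authentication phase re-issues the cookie as `XXXXXMail=(null)` and the browser overwrites the good value. The issue does not establish which request web-vault 2023.5.0 makes that triggers this; the fragment below is an added example (not the reporter's configuration and not part of vaultwarden) that guards the directive against the mechanism regardless and logs enough to find the offending request. It assumes the pre-authentication module exports the attribute as the request environment variable `uid` and that `XXXXXMail` is a placeholder cookie name, exactly as in the issue.

```apache
# Added example, not the issue author's config and not vaultwarden's.
# Assumptions: Shibboleth (or another pre-auth module) sets the request
# environment variable "uid"; XXXXXMail is a placeholder cookie name.

# 1. The directive as posted in the issue. mod_headers expands %{uid}e to
#    the literal string "(null)" on any response where the variable is not
#    set, so such a response sends XXXXXMail=(null) and the browser replaces
#    the good cookie with it.
# Header append Set-Cookie "XXXXXMail=%{uid}e; path=/; Secure; Max-Age=3600; SameSite=none; Secure"

# 2. Guarded form: the env= condition makes mod_headers apply the directive
#    only when "uid" exists in the request environment, so responses that
#    never went through the pre-authentication phase leave the cookie alone.
Header append Set-Cookie "XXXXXMail=%{uid}e; Path=/; Secure; Max-Age=3600; SameSite=None" env=uid

# 3. Diagnostic log: per request, whether the variable was set ("-" means
#    unset) and which Set-Cookie header went out, so the request that emits
#    the (null) cookie after a web-vault update can be identified.
LogFormat "%h \"%r\" %>s uid=%{uid}e set-cookie=\"%{Set-Cookie}o\"" cookiedebug
CustomLog logs/cookie-debug.log cookiedebug
```

After reloading Apache, load the vault once and grep `cookie-debug.log` for `uid=-`: those lines are the requests that would have clobbered the cookie under the unguarded directive. Two caveats: `env=uid` only tests that the variable exists, and mod_headers does not cookie-encode the value, so an attribute containing `;` or `,` would be parsed as cookie attributes rather than as part of the value; and if nothing in the page's JavaScript needs to read the cookie, add `HttpOnly` so script cannot.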

Reference: starred/vaultwarden#812