From 21d015b720298f0abf4c8ec02f2c9ef6d9ec8281 Mon Sep 17 00:00:00 2001
From: Mohammad Tomaraei <mohammed.tomaraei@butopea.com>
Date: Wed, 15 Sep 2021 12:11:25 +0200
Subject: [PATCH] Temporary hotfix to keep a single set-cookie header in
 sync_session

---
 src/catalog/controller/vsbridge/sync_session.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/catalog/controller/vsbridge/sync_session.php b/src/catalog/controller/vsbridge/sync_session.php
index 5462a06..f13c00e 100644
--- a/src/catalog/controller/vsbridge/sync_session.php
+++ b/src/catalog/controller/vsbridge/sync_session.php
@@ -11,6 +11,12 @@ public function index(){
         session_abort();
         session_id($vsbridge_session_id);
         session_start();
+
+        // Temporary, edge case hotfix due to https://github.com/cloudflare/cloudflare-docs/issues/17
+        // Summary: Cloudflare workers combine set-cookie headers, but Chrome >= 88 only takes the first cookie
+        // Fix: We clear previous cookies to set the session properly
+        header_remove('Set-Cookie');
+
         $this->session->start('default', $vsbridge_session_id);
 
         // to: GET parameter determining the redirection destination