Checkbox "remember me" (cookie): Elfinder: 401 unauthorized error

Your software
My Mautic version is: 4.4.8
My PHP version is: 7.4.29
My Database type and version is: 10.3.38-MariaDB-0ubuntu0.20.04.1

Your problem
My problem is:
I use the Froala Email Editor.
With the Checkbox “remember me” activated, I receive the “401 unauthorized” error when I open elfinder.

The error comes the day after I activated the checkbox or after the browser restart.

Without the checkbox “remember me” activated, Elfinder works as expected.

These errors are showing in the log:
in Mautic there are no errors logged.
In the Browser console, there are some message regarding the cookies and Froala editor:

Also when opening the elfinder:

Steps I have tried to fix the problem:
Clear cookies and site data.
Not activate the checkbox “remember me”.
I add this line of code to keep me logged in:
jQuery(function () {setInterval(function(){jQuery.ajax({method: 'GET',url: ''});}, 9 * 1000 * 60);/*every 9 minutes*/});
at the end of media/js/app.js. But as soon as the browser restarts, I need to login again.

It took me some time to try to recreate it (because I hit another unexpected bug, where the legacy builder didn’t want to load after disabling GrapeJS). When I finally was able to do so, the Elfinder worked without any issue - with or without using “staying logged in” function.

Your console comments gives you a hint: its the about the not correctly set “SameSite” attribute valkue, which may be the culprit. Please investigate into that direction…

Did Elfinder worked also after a browser restart? (with the checkbox activated)
At first, Elfinder works as expected. I usually restart the laptop each day. On the next day, Elfinder does not work anymore, and I suspect the checkbox activated to trigger the issue.

Regarding the console: I do not know what in fact can I investigate. Configuration in Mautic? Or some files in Mautic folder? Or some other settings?
Can you give me a hint?

Hi, its more into the webserver settings: Apache or Nginx, whatever you run.

You may adjust your settings to set the cookie correctly.

I worked on a fix on this issue, see ensure the elfinder paths are within the default firewall, so rememberme functionality works by mollux · Pull Request #12430 · mautic/mautic · GitHub