Waking Up Flash Session

Interesting… This works as expected…

if ($validation === 'success') {
            $flash->add('success', 'Your account has been activated. Please log in.');
            // TODO Look into why sleep(3) seems to be needed to post correct flash message - something to do with
            // mimecast - browser sessions maybe?
            sleep(3);
            $this->sql->updateUser($userName);
        } else {
            $flash->add(
                'error',
                'Your account was not activated. Please try again or contact us with this error.'
            );
        }
        return $response->withStatus(302)->withHeader('Location', '/');

Without sleep(3) - the flash message posted to screen is for flash key ‘error’ even though updateUser() has worked.

Notes:

• sleep(1) and sleep(2) also posts the unexpected flash key ‘error’ message to UI.
• more context:

    /**
     * @throws Exception
     */
    public function __invoke(
        ServerRequestInterface $request,
        ResponseInterface $response
    ): ResponseInterface {
        $flash = $this->session->getFlash();
        $flash->clear();
...

Can you please add more details?
What Session/Flash package and what version are you using?

Just to be sure, have you installed the packages as shown here: Slim 4 Integration ?

Yes, I have it configured so the package is working as expected across about 20 microservices… this is the only use case where the behavior is unexpected. Hmmm… thinking it might be garbage collection settings gc_ or something to do with the native PHP $_SESSION… rn… off to do some more tests…

I would be interested in the results.

Turns out middleware was setting a duplicate cookie (one SameSite and one normal) for every session in container DI by reading incorrect settings in .env.