[Issue 12459] New: Bugzilla logs users in only on https site, and does not redirect from http to https
d-bugmail at puremagic.com
Tue Mar 25 02:29:08 PDT 2014
https://d.puremagic.com/issues/show_bug.cgi?id=12459
Summary: Bugzilla logs users in only on https site, and does not redirect from http to https
Product: D
Version: D2
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: websites
AssignedTo: braddr at puremagic.com
ReportedBy: thecybershadow at gmail.com
--- Comment #0 from Vladimir Panteleev <thecybershadow at gmail.com> 2014-03-25 11:29:00 EET ---
Logging in currently only saves the session cookie on the https:// protocol,
because it is sent with the "secure" flag enabled.

Bugzilla seems to be configured to redirect logged-in users from http:// to
https://, but since the cookie is never visible when accessing the site via
http://, the only way that redirect can happen is if someone still had a login
cookie from before HTTPS was added.

In effect, this means that any user who logged in since the addition of HTTPS
will not be logged in when clicking on a http:// Bugzilla link. They need to
either log in again, or edit the URL in their browser to point to HTTPS.

A fix would be to set some cookie WITHOUT the secure flag, which would indicate
the requirement to redirect to https://.

I discovered this accidentally after logging out to test something.
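The cookie behaviour described in this report and the proposed marker-cookie fix, modelled as an added example that is not part of the original report or of Bugzilla's code. The cookie names, the token value and the bugs.example URL used with it are hypothetical.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

SESSION = "session"        # hypothetical name for the login cookie
MARKER = "https_login"     # hypothetical name for the proposed marker cookie
TOKEN = "constructed-session-token"  # constructed sample value


@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    secure: bool


def cookies_sent(jar, url):
    """Browser side: Secure cookies are attached to https requests only."""
    is_https = urlsplit(url).scheme == "https"
    return {c.name: c.value for c in jar if is_https or not c.secure}


def login_cookies(with_marker):
    """Cookies set by a login over https, with or without the marker."""
    jar = [Cookie(SESSION, TOKEN, secure=True)]
    if with_marker:
        # The marker travels over plain http, so it holds no credential.
        jar.append(Cookie(MARKER, "1", secure=False))
    return jar


def handle(url, sent):
    """Server side: returns (redirect_target_or_None, logged_in)."""
    parts = urlsplit(url)
    if parts.scheme == "http":
        if SESSION in sent or MARKER in sent:
            return parts._replace(scheme="https").geturl(), False
        return None, False  # indistinguishable from an anonymous visitor
    return None, sent.get(SESSION) == TOKEN


def browse(jar, url):
    """Request url, follow at most one redirect; returns (final_url, logged_in)."""
    target, logged_in = handle(url, cookies_sent(jar, url))
    if target is not None:
        url = target
        _, logged_in = handle(url, cookies_sent(jar, url))
    return url, logged_in
```

Calling `browse(login_cookies(False), ...)` on an http:// link reproduces the reported behaviour, and `login_cookies(True)` shows the redirect firing while the session token still never leaves over plain http.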