aboutsummaryrefslogtreecommitdiff
path: root/IkiWiki
diff options
context:
space:
mode:
authorJoey Hess <joey@gnu.kitenet.net>2009-02-26 01:59:05 -0500
committerJoey Hess <joey@gnu.kitenet.net>2009-02-26 01:59:05 -0500
commit158c6c3ac8a8975741587b55a298f10e632e993e (patch)
tree9e65dcc68327aaed2e952ff4ed09f768185676f8 /IkiWiki
parent2e0dec2ffcab5af04f5e6c3e1e3504a7aca9e56e (diff)
downloadikiwiki-158c6c3ac8a8975741587b55a298f10e632e993e.tar
ikiwiki-158c6c3ac8a8975741587b55a298f10e632e993e.tar.gz
detect sslcookie set and no https
This is likely a misconfiguration and can cause login to fail as the browser refuses the send the session cookie back over http. Not entirely happy with putting the check where I did, since users have to try to log in, and fail, to see the misconfiguration explained. But I could not find a better place to put the check.
Diffstat (limited to 'IkiWiki')
-rw-r--r--IkiWiki/CGI.pm7
1 files changed, 6 insertions, 1 deletions
diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index 3000ed100..04f24b04f 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -142,7 +142,12 @@ sub cgi_postsignin ($$) {
exit;
}
else {
- error(gettext("login failed, perhaps you need to turn on cookies?"));
+ if ($config{sslcookie} && ! $q->https()) {
+ error(gettext("probable misconfiguration: sslcookie is set, but you are attepting to login via http, not https"));
+ }
+ else {
+ error(gettext("login failed, perhaps you need to turn on cookies?"));
+ }
}
}