bug

author: Joey Hess <joeyh@joeyh.name> 2018-01-07 13:39:26 -0400
committer: Joey Hess <joeyh@joeyh.name> 2018-01-07 13:39:26 -0400
commit: f3b469d43a6a573fbe6875f14b4559211a42a5c5 (patch)
tree: 8788fb8be5f11a53967a1044c0640a32318ca414 /doc/bugs/login_problem_redux.mdwn
parent: 9dfabb2b35dee82c69d5e26ca3d9fd4e00f5795d (diff)
download: ikiwiki-f3b469d43a6a573fbe6875f14b4559211a42a5c5.tar
ikiwiki-f3b469d43a6a573fbe6875f14b4559211a42a5c5.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/doc/bugs/login_problem_redux.mdwn b/doc/bugs/login_problem_redux.mdwn
new file mode 100644
index 000000000..559782ec8
--- /dev/null
+++ b/doc/bugs/login_problem_redux.mdwn
@@ -0,0 +1,12 @@
+Following up on [[login_problem]], there's still some problems mixing https
+and http logins on sites that allow both and don't redirect http to https.
+
+If the user logs in on https first, their cookie is https-only. If they
+then open the http site and do something that needs them logged in, it will
+try to log them in again. But, the https-only cookie is apparently not
+replaced by the http login cookie. The login will "succeed", but the cookie
+is inaccessible over https and so they'll not be really logged in.
+
+I think that the only fix for this is make the login page redirect from
+http to https, and for it to return to the https version of the page that
+prompted the login. --[[Joey]]
author	Joey Hess <joeyh@joeyh.name>	2018-01-07 13:39:26 -0400
committer	Joey Hess <joeyh@joeyh.name>	2018-01-07 13:39:26 -0400
commit	f3b469d43a6a573fbe6875f14b4559211a42a5c5 (patch)
tree	8788fb8be5f11a53967a1044c0640a32318ca414 /doc/bugs/login_problem_redux.mdwn
parent	9dfabb2b35dee82c69d5e26ca3d9fd4e00f5795d (diff)
download	ikiwiki-f3b469d43a6a573fbe6875f14b4559211a42a5c5.tar ikiwiki-f3b469d43a6a573fbe6875f14b4559211a42a5c5.tar.gz