detect sslcookie set and no https
This is likely a misconfiguration and can cause login to fail as the browser refuses the send the session cookie back over http. Not entirely happy with putting the check where I did, since users have to try to log in, and fail, to see the misconfiguration explained. But I could not find a better place to put the check.master
Joey Hess
parent
2e0dec2ffc
commit
158c6c3ac8
|
|
@ -141,10 +141,15 @@ sub cgi_postsignin ($$) {
|
||||||
cgi_savesession($session);
|
cgi_savesession($session);
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
if ($config{sslcookie} && ! $q->https()) {
|
||||||
|
error(gettext("probable misconfiguration: sslcookie is set, but you are attepting to login via http, not https"));
|
||||||
|
}
|
||||||
else {
|
else {
|
||||||
error(gettext("login failed, perhaps you need to turn on cookies?"));
|
error(gettext("login failed, perhaps you need to turn on cookies?"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
sub cgi_prefs ($$) {
|
sub cgi_prefs ($$) {
|
||||||
my $q=shift;
|
my $q=shift;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue