Project

General

Profile

Actions

Patch #21169

closed

Use config.relative_url_root as the default path for session and autologin cookies

Added by Daniel Ritz almost 9 years ago. Updated almost 9 years ago.

Status:
Closed
Priority:
Normal
Category:
Accounts / authentication
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:

Description

Per default, Rails uses "/" as path in session cookies. When mounting
Redmine on a relative URL root, say '/redmine', the path in the cookie
should also say "/redmine". Otherwise a browsers sendsi the cookie to
all applications running on the same host. This is problematic when
running more than one Redmine instance on one server.

Fix it by setting the cookie path to config.relative_url_root when set,
"/" otherwise. Rails automatically sets this config from the environment
variable RAILS_RELATIVE_URL_ROOT.

Related to Patch #3968


Files


Related issues

Related to Redmine - Defect #16489: Autologin Cookie doesn't differentiate between different Redmine systems within the same browserClosed

Actions
Related to Redmine - Feature #14237: Allow custom path for "_redmine_session_" cookieClosed

Actions
Actions #1

Updated by Go MAEDA almost 9 years ago

  • Related to Defect #16489: Autologin Cookie doesn't differentiate between different Redmine systems within the same browser added
Actions #2

Updated by Daniel Ritz almost 9 years ago

Thanks for pointing out the autologin cookie. Didn't notice it since I had it disabled.

I think it would make sense to use RAILS_RELATIVE_URL_ROOT for the autologin cookie too, but only as default value instead of "/". When autologin_cookie_path is set, that one should be used instead. Does that sound reasonable?

Actions #4

Updated by Daniel Ritz almost 9 years ago

Also related to #14237.

Actions #5

Updated by Jean-Philippe Lang almost 9 years ago

  • Target version set to 3.2.0
Actions #6

Updated by Jean-Philippe Lang almost 9 years ago

  • Subject changed from Fix session path when using RAILS_RELATIVE_URL_ROOT to Use config.relative_url_root as the default path for session and autologin cookies
  • Status changed from New to Closed
  • Assignee set to Jean-Philippe Lang

Committed, thanks.

Actions #7

Updated by Toshi MARUYAMA almost 9 years ago

  • Related to Feature #14237: Allow custom path for "_redmine_session_" cookie added
Actions

Also available in: Atom PDF