Invalid form authenticity token when accessing two sites behind the same domain.
I configure Redmine with SubURIs and use a reverse proxy so I can serve a couple sites with the same SSL certificate. I access my sites via (ex):
Everything seems to work ok, but whenever I log into the second site, the next action I take on the first site gives me:
Invalid form authenticity token.
I think I have a rough idea of what's going on. I see a
_redmine_session cookie for my domain, but there's only one and it uses a path of
/. My guess is the same cookie is being sent to both sites and that I've missed a setting somewhere that causes the path for that cookie to be (ex:)
To configure the SubURIs I'm using Passenger with
RackBaseURI. I've also configured the
Host name and path setting in Redmine's admin GUI.
If I'm correct and the same cookie is being sent to both sites, what are the implications of that? What if someone else owns the second site?
RE: Invalid form authenticity token when accessing two sites behind the same domain. - Added by Toshi MARUYAMA over 5 years ago
RE: Invalid form authenticity token when accessing two sites behind the same domain. - Added by Ryan J over 5 years ago
That worked. Thank you!