Project

General

Profile

Actions
Copy link

Patch #21169

closed

Use config.relative_url_root as the default path for session and autologin cookies

Added by Daniel Ritz over 10 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jean-Philippe Lang
Category:
Accounts / authentication
Target version:
3.2.0

Description

Per default, Rails uses "/" as path in session cookies. When mounting
Redmine on a relative URL root, say '/redmine', the path in the cookie
should also say "/redmine". Otherwise a browsers sendsi the cookie to
all applications running on the same host. This is problematic when
running more than one Redmine instance on one server.

Fix it by setting the cookie path to config.relative_url_root when set,
"/" otherwise. Rails automatically sets this config from the environment
variable RAILS_RELATIVE_URL_ROOT.

Related to Patch #3968

Files

Download all files
session-path-when-using-RAILS_RELATIVE_URL_ROOT.patch (737 Bytes) session-path-when-using-RAILS_RELATIVE_URL_ROOT.patch Daniel Ritz, 2015-11-06 20:01
session-path-when-using-RAILS_RELATIVE_URL_ROOT_v2.patch (1.3 KB) session-path-when-using-RAILS_RELATIVE_URL_ROOT_v2.patch session cookie and autologin cookie path Daniel Ritz, 2015-11-07 15:40

Related issues

Related to Redmine - Defect #16489: Autologin Cookie doesn't differentiate between different Redmine systems within the same browserClosedActions
Related to Redmine - Feature #14237: Allow custom path for "_redmine_session_" cookieClosedActions
Actions
Copy link

Also available in: Atom PDF