Vote #76890

Done

Use config.relative_url_root as the default path for session and autologin cookies

Added by Admin Redmine over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Accounts / authentication_7
Target version:
Start date:
2022/05/09
Due date:
% Done:

0%

Estimated time:
category_id:
7
version_id:
102
issue_org_id:
21169
author_id:
48958
assigned_to_id:
1
comments:
7
status_id:
5
tracker_id:
3
plus1:
0
affected_version:
closed_on:
affected_version_id:
Status-->[Closed]

Description

Per default, Rails uses "/" as path in session cookies. When mounting
Redmine on a relative URL root, say '/redmine', the path in the cookie
should also say "/redmine". Otherwise a browser sends the cookie to
all applications running on the same host. This is problematic when
running more than one Redmine instance on one server.

Fix it by setting the cookie path to config.relative_url_root when set,
"/" otherwise. Rails automatically sets this config from the environment
variable RAILS_RELATIVE_URL_ROOT.

Related to Patch #3968


journals

--------------------------------------------------------------------------------
Thanks for pointing out the autologin cookie. Didn't notice it since I had it disabled.

I think it would make sense to use RAILS_RELATIVE_URL_ROOT for the autologin cookie too, but only as default value instead of "/". When autologin_cookie_path is set, that one should be used instead. Does that sound reasonable?
--------------------------------------------------------------------------------
v2 of the patch with fix for autologin cookie path.
--------------------------------------------------------------------------------
Also related to #14237.
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Committed, thanks.
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
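
The path selection proposed in this issue and the autologin fallback discussed in the comments, as an added Ruby example that is not part of the issue or of the Redmine patch. The helper names and the sample request paths are constructed for illustration; `path_match?` follows the path-match rule of RFC 6265 section 5.1.4, which browsers use to decide which requests receive a cookie.

```ruby
# Added illustration; helper names are hypothetical, not Redmine's own code.

# Default cookie path as the issue proposes:
# the relative URL root when set, "/" otherwise.
def default_cookie_path(relative_url_root)
  root = relative_url_root.to_s
  root.empty? ? "/" : root
end

# Fallback order discussed in the comments: an explicitly configured
# autologin cookie path wins, otherwise the default above applies.
def resolve_autologin_cookie_path(configured_path, relative_url_root)
  configured = configured_path.to_s
  configured.empty? ? default_cookie_path(relative_url_root) : configured
end

# RFC 6265 section 5.1.4 path-match: is a cookie scoped to cookie_path
# sent on a request for request_path?
def path_match?(cookie_path, request_path)
  return true if cookie_path == request_path
  return false unless request_path.start_with?(cookie_path)
  cookie_path.end_with?("/") || request_path[cookie_path.length] == "/"
end

# Constructed sample: two Redmine instances and another app on one host.
REQUESTS = ["/redmine/issues/1", "/redmine2/issues/1", "/otherapp/"].freeze

# Request paths from the sample that would receive the cookie.
def recipients(cookie_path)
  REQUESTS.select { |req| path_match?(cookie_path, req) }
end

if __FILE__ == $PROGRAM_NAME
  ["/", default_cookie_path("/redmine")].each do |path|
    puts "Path=#{path.ljust(9)} sent to: #{recipients(path).join(', ')}"
  end
end
```

With `Path=/` every application in the sample receives the cookie; with `Path=/redmine` only the first instance does, and `/redmine2` is excluded even though it shares the prefix.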


related_issues

relates,Closed,16489,Autologin Cookie doesn't differentiate between different Redmine systems within the same browser
relates,Closed,14237,Allow custom path for "_redmine_session_" cookie

Updated by Admin Redmine over 3 years ago

  • Category set to Accounts / authentication_7
  • Target version set to 3.2.0_102
