Page MenuHomePhabricator

Fix issue where accessing HTTP domain would override HTTPS cookie
ClosedPublic

Authored by hach-que on Feb 15 2014, 1:00 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Dec 7, 11:59 AM
Unknown Object (File)
Thu, Dec 5, 7:55 PM
Unknown Object (File)
Wed, Dec 4, 8:32 AM
Unknown Object (File)
Sat, Nov 30, 7:52 PM
Unknown Object (File)
Tue, Nov 26, 4:19 PM
Unknown Object (File)
Tue, Nov 26, 4:19 PM
Unknown Object (File)
Tue, Nov 26, 4:19 PM
Unknown Object (File)
Tue, Nov 26, 4:19 PM

Details

Summary

This fixes an issue where visiting http://code.redpointsoftware.com.au/ would log you out of https://code.redpointsoftware.com.au/

Test Plan

Applied this patch to a live server and saw the issue go away.

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

Hmm.. maybe it's cleaner for the PhabricatorRedirectController not to try to write this cookie? I think the simplest fix would be to extend it from AphrontController instead of PhabricatorController. I think it's executing a lot of logic which is at best useless and at worst bad (as here) by running through PhabricatorController::willBeginExecution().

I suppose this is probably worth having as a safety net in any case, since it's definitely correct, it's just a bit odd that we can end up here.