Ticket #979 (closed defect: fixed)

Opened 4 years ago

Last modified 4 years ago

[TiddlyWeb] when setting cookies pay attention to server prefix

Reported by: cdent
Owned by: cdent
Priority: major
Milestone:
Component: tiddlyweb
Version:
Severity: high
Keywords:
Cc:

Description

In the cookie_form and openid challengers a cookie is set with a path of '/'. If there are multiple tiddlyweb services hosted on the same Apache (or otherwise) server, under different server_prefix settings, this will lead to authentication confusion: cookies for a user under one service will be sent to another service that may or may not have that user.

Change History

Changed 4 years ago by cdent

  • status changed from new to closed
  • resolution set to fixed
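
The scoping problem described in this ticket, as an added example that is not TiddlyWeb's own code: it builds the auth cookie with a path of '/' and with a path equal to the service's server_prefix, then applies the browser's path-match rule (RFC 6265, section 5.1.4) to show which services receive it. The cookie name, the prefixes `/wiki-a` and `/wiki-b`, and the helper names are assumptions made for illustration.

```python
from http.cookies import SimpleCookie


def make_auth_cookie(value, server_prefix="", scoped=True):
    """Build a Set-Cookie header value for an auth cookie.

    scoped=False reproduces the behaviour in the ticket (path '/');
    scoped=True limits the cookie to the service's server_prefix.
    """
    cookie = SimpleCookie()
    cookie["tiddlyweb_user"] = value  # cookie name is an assumption
    path = (server_prefix or "/") if scoped else "/"
    cookie["tiddlyweb_user"]["path"] = path
    return cookie["tiddlyweb_user"].OutputString()


def cookie_path(header):
    """Extract the Path attribute from a Set-Cookie header value."""
    for attr in header.split(";")[1:]:
        name, _, val = attr.strip().partition("=")
        if name.lower() == "path":
            return val
    return "/"


def path_matches(c_path, request_path):
    """RFC 6265 section 5.1.4 path-match, as a browser applies it."""
    if request_path == c_path:
        return True
    if request_path.startswith(c_path):
        # Match only on a '/' boundary, so '/wiki-a' does not cover '/wiki-abc'.
        return c_path.endswith("/") or request_path[len(c_path)] == "/"
    return False


def services_receiving(header, request_paths):
    """Return the request paths a browser would attach this cookie to."""
    path = cookie_path(header)
    return [p for p in request_paths if path_matches(path, p)]


# Constructed sample: services on one host under different server_prefix values.
REQUESTS = ["/wiki-a/bags", "/wiki-b/bags", "/wiki-abc/bags"]

if __name__ == "__main__":
    for scoped in (False, True):
        header = make_auth_cookie("alice:abc123", "/wiki-a", scoped)
        print(header, "->", services_receiving(header, REQUESTS))
```

Path only limits which requests carry the cookie; services sharing a host still share an origin, so each service should also validate the cookie value against its own user store.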