git.oblomov.eu Git - ikiwiki/blob - doc/recentchanges/change_61218e338a7517b25fc82697c3a11fff1edb6803._change

   1 [[!meta author="""http://smcv.pseudorandom.co.uk/"""]]
   2
   3 [[!meta authorurl="""http://smcv.pseudorandom.co.uk/"""]]
   4
   5 [[!meta title="""change to todo/use_secure_cookies_for_ssl_logins on ikiwiki"""]]
   6
   7 [[!meta permalink="http://ikiwiki.info/recentchanges/#change-61218e338a7517b25fc82697c3a11fff1edb6803"]]
   8
   9 <div id="change-61218e338a7517b25fc82697c3a11fff1edb6803" class="metadata">
  10 <span class="desc"><br />Changed pages:</span>
  11 <span class="pagelinks">
  12
  13 <a href="http://git.ikiwiki.info/?p=ikiwiki;a=blobdiff;f=doc/todo/use_secure_cookies_for_ssl_logins.mdwn;h=a91a15b987874ac3b160b6689322d508a51272d8;hp=0000000000000000000000000000000000000000;hb=61218e338a7517b25fc82697c3a11fff1edb6803;hpb=9180381728e252cf474eb8a4b0460755b5c28340" title="diff" rel="nofollow">[[diff|wikiicons/diff.png]]</a><a href="http://ikiwiki.info/ikiwiki.cgi?page=todo%2Fuse_secure_cookies_for_ssl_logins&amp;do=goto" rel="nofollow">todo/use secure cookies for ssl logins</a>
  14
  15
  16 </span>
  17 <span class="desc"><br />Changed by:</span>
  18 <span class="committer">
  19
  20 <a href="http://smcv.pseudorandom.co.uk/" rel="nofollow">smcv</a>
  21
  22 </span>
  23 <span class="desc"><br />Commit type:</span>
  24 <span class="committype">web</span>
  25 <span class="desc"><br />Date:</span>
  26 <span class="changedate"><span class="relativedate" title="Tue, 23 Nov 2010 23:59:03 +0000">23:59:03 11/23/10</span></span>
  27 <span class="desc"><br /></span>
  28 </div>
  29
  30 <span class="revert">
  31 <a href="http://ikiwiki.info/ikiwiki.cgi?rev=61218e338a7517b25fc82697c3a11fff1edb6803&amp;do=revert" title="revert" rel="nofollow">[[revert|wikiicons/revert.png]]</a>
  32 </span>
  33
  34 <div class="changelog">
  35
  36
  37 another branch<br />
  38
  39
  40 </div>
  41
  42 <div class="diff">
  43 <pre>
  44 diff --git a/doc/todo/use_secure_cookies_for_ssl_logins.mdwn b/doc/todo/use_secure_cookies_for_ssl_logins.mdwn
  45 new file mode 100644
  46 index 0000000..a91a15b
  47 --- /dev/null
  48 +++ b/doc/todo/use_secure_cookies_for_ssl_logins.mdwn
  49 @@ -0,0 +1,12 @@
  50 +&#91;&#91;!template id=gitbranch branch=smcv/ready/sslcookie-auto author=&quot;&#91;&#91;smcv&#93;&#93;&quot;&#93;&#93;
  51 +&#91;&#91;!tag patch&#93;&#93;
  52 +
  53 +At the moment `sslcookie =&gt; 0` never creates secure cookies, so if you log in
  54 +with SSL, your browser will send the session cookie even over plain HTTP.
  55 +Meanwhile `sslcookie =&gt; 1` always creates secure cookies, so you can&#39;t
  56 +usefully log in over plain http.
  57 +
  58 +This branch adds `sslcookie =&gt; 0, sslcookie_auto =&gt; 1` as an option; this
  59 +uses the `HTTPS` environment variable, so if you log in over SSL you&#39;ll
  60 +get a secure session cookie, but if you log in over HTTP, you won&#39;t.
  61 +(The syntax for the setup file is pretty rubbish - any other suggestions?)
  62
  63 </pre>
  64 </div>
  65
  66 <!-- 61218e338a7517b25fc82697c3a11fff1edb6803 -->