[RCU] force_https and session problems
Thomas Bruederli
roundcube at gmail.com
Sat Jan 7 14:23:11 CET 2012
Fred Bacon wrote:
> I just upgraded my company's Roundcube installation from 0.5.3 to 0.7,
> and I have an interesting problem.
>
> We have the force_https option set to true. In the past, if you went to
> the unencrypted address and tried to log in, you would be redirected to
> the encrypted connection, and your login would succeed.
>
> Now, if you go to the http address and try to log in, you are not
> redirected to the encrypted connection, and you get an error stating
> that "Your session is invalid or expired" when you try to log in.
>
> Can anyone else confirm this error? It's not a show stopper, but it is
> a little annoying that the behavior is different. I'm sure to get
> complaints on Monday. *sigh*
Works for me with 0.7 and current trunk version.
The only change which affected the code responsible for the redirect was
the additional support for X-Forwarded-Proto headers for load-balanced
environments.
~Thomas
--
List info: http://lists.roundcube.net/users/