From: Reindl Harald <h.reindl@thelounge.net>
To: users@lists.roundcube.net
Sent: Friday, December 28, 2012 11:37 AM
Subject: Re: [RCU] locking in https - Re: invalid auth cookie
Am 28.12.2012 20:33, schrieb Benny Pedersen:
> Reindl Harald skrev den 2012-12-28 20:22:
>
>> because cookies are DOMAIN based
>> the domain is the same
>
> and you are not using roundcube ?
>
> if roundcube have this kind of security problems please dokument it as a ticket so it gets fixed in php code, for
> the apache setup i still keep what i say to not use redirecting
this has NOTHING to do with roundcube
it is your lacking knowledge of HTTP basics
only idiots would configure a different docroot and hope that whatever
used software is respsonsible to make sure that the browser only
send abck cookies over https while skilled admins make sure this case
in the docroot configuration independent of any script running on the host
_______________________________________________
Roundcube Users mailing list
users@lists.roundcube.nethttp://lists.roundcube.net/mailman/listinfo/users