I just upgraded my company's Roundcube installation from 0.5.3 to 0.7, and I have an interesting problem.
We have the force_https option set to true. In the past, if you went to the unencrypted address and tried to log in, you would be redirected to the encrypted connection, and your login would succeed.
Now, if you go to the http address and try to log in, you are not redirected to the encrypted connection, and you get an error stating that "Your session is invalid or expired" when you try to log in.
Can anyone else confirm this error? It's not a show stopper, but it is a little annoying that the behavior is different. I'm sure to get complaints on Monday. *sigh*
Thanks,
Fred Bacon
Aerodyne Research, Inc.
I use a rewrite rule in Apache that forces them to https. I know that it is not exactly what you want, but maybe it'll help.
<VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://webmail.example.com/ [R,L]
</VirtualHost>
Rdgs, S
On 01/01/2012 07:39 PM, Fred Bacon wrote:
> I just upgraded my company's Roundcube installation from 0.5.3 to 0.7, and I have an interesting problem.
> We have the force_https option set to true. In the past, if you went to the unencrypted address and tried to log in, you would be redirected to the encrypted connection, and your login would succeed.
> Now, if you go to the http address and try to log in, you are not redirected to the encrypted connection, and you get an error stating that "Your session is invalid or expired" when you try to log in.
> Can anyone else confirm this error? It's not a show stopper, but it is a little annoying that the behavior is different. I'm sure to get complaints on Monday. *sigh*
> Thanks,
> Fred Bacon
> Aerodyne Research, Inc.
On 01/01/2012 01:55 PM, JKL wrote:
> I use a rewrite rule in Apache that forces them to https. I know that it is not exactly what you want, but maybe it'll help.
> <VirtualHost *:80>
>     RewriteEngine On
>     RewriteCond %{SERVER_PORT} 80
>     RewriteRule ^(.*)$ https://webmail.example.com/ [R,L]
> </VirtualHost>
"Redirect" is probably a less-crazy way to do this =)
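The `Redirect` form suggested above, written out as an added example (not posted by anyone in the thread); the hostname is reused from the quoted rewrite rule. Unlike that rule, which sends every request to the site root, mod_alias carries the requested path over to the HTTPS target.

```apache
# Added example: plain-HTTP virtual host whose only job is to send
# clients to the HTTPS site. Hostname taken from the rule quoted above.
<VirtualHost *:80>
    ServerName webmail.example.com

    # mod_alias appends whatever follows "/" in the request, so
    # http://webmail.example.com/some/page?x=1 is redirected to
    # https://webmail.example.com/some/page?x=1 (path and query kept).
    # "permanent" sends a 301 instead of the default 302.
    Redirect permanent / https://webmail.example.com/
</VirtualHost>
```

A redirect only takes effect in the response, so a login form posted to the port-80 address has already sent its credentials unencrypted by the time the browser is redirected.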
Fred Bacon wrote:
> I just upgraded my company's Roundcube installation from 0.5.3 to 0.7, and I have an interesting problem.
> We have the force_https option set to true. In the past, if you went to the unencrypted address and tried to log in, you would be redirected to the encrypted connection, and your login would succeed.
> Now, if you go to the http address and try to log in, you are not redirected to the encrypted connection, and you get an error stating that "Your session is invalid or expired" when you try to log in.
> Can anyone else confirm this error? It's not a show stopper, but it is a little annoying that the behavior is different. I'm sure to get complaints on Monday. *sigh*
Works for me with 0.7 and current trunk version.
The only change which affected the code responsible for the redirect was the additional support for X-Forwarded-Proto headers for load-balanced environments.
~Thomas