I have found this, but i'm not sure how to apply in my 3.8.2 installation...<br><br><pre>#<br># rt-3.4.4-ForceHTTPSLogin.patch<br>#<br># Warning: this patch is under devel, barely tested!!!<br>#<br># * 2005.01.06 Paulo Matos <<a href="mailto:paulo.matos@fct.unl.pt">paulo.matos@fct.unl.pt</a>><br>
# - Redirect to https when credentials are not found;<br># - Redirect to http when credentials are found;<br># - Changed cookiename removing SERVER_PORT. <br>#<br>diff -uNr rt-3.4.4.orig/html/autohandler rt-3.4.4/html/autohandler<br>
--- rt-3.4.4.orig/html/autohandler 2005-02-01 14:20:40.000000000 +0000<br>+++ rt-3.4.4/html/autohandler 2006-01-06 03:51:29.000000000 +0000<br>@@ -72,6 +72,11 @@<br> <br> $m->comp('/Elements/SetupSessionCookie', %ARGS);<br>
<br>+# check credentials and HTTPS, if so redirect to HTTP<br>+if ($session{'CurrentUser'} && $session{'CurrentUser'}->Id && $ENV{'HTTPS'}) {<br>+ $m->redirect('http://'.$ENV{SERVER_NAME}.$ENV{REQUEST_URI});<br>
+}<br>+<br> unless ($session{'CurrentUser'} && $session{'CurrentUser'}->Id) {<br> $session{'CurrentUser'} = RT::CurrentUser->new();<br> }<br>@@ -218,6 +223,10 @@<br> <br> # If we have no credentials<br>
else {<br>+ # check if we are in HTTPS mode<br>+ if (! $ENV{'HTTPS'} ) {<br>+ $m->redirect('https://'.$ENV{SERVER_NAME}.$ENV{REQUEST_URI});<br>+ }<br> $m->comp('/Elements/Login', %ARGS);<br>
$m->abort();<br> }<br>diff -uNr rt-3.4.4.orig/html/Elements/SetupSessionCookie rt-3.4.4/html/Elements/SetupSessionCookie<br>--- rt-3.4.4.orig/html/Elements/SetupSessionCookie 2005-04-18 02:44:50.000000000 +0100<br>
+++ rt-3.4.4/html/Elements/SetupSessionCookie 2006-01-06 03:51:46.000000000 +0000<br>@@ -47,7 +47,9 @@<br> return if $m->is_subrequest; # avoid reentrancy, as suggested by masonbook<br> <br> my %cookies = CGI::Cookie->fetch();<br>
-my $cookiename = "RT_SID_".$RT::rtname.".".$ENV{'SERVER_PORT'};<br>+# removed SERVER_PORT from cookie name so it can be valid on HTTP and HTTPS<br>+#my $cookiename = "RT_SID_".$RT::rtname.".".$ENV{'SERVER_PORT'};<br>
+my $cookiename = "RT_SID_".$RT::rtname.".".'0000';<br> my %backends = (<br> mysql => 'Apache::Session::MySQL',<br> Pg => 'Apache::Session::Postgres',<br><br><br>
</pre>Regards,<br><br><div class="gmail_quote">On Fri, Jan 23, 2009 at 10:02 AM, Emmanuel Lacour <span dir="ltr"><<a href="mailto:elacour@easter-eggs.com">elacour@easter-eggs.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">On Fri, Jan 23, 2009 at 09:57:41AM -0430, Eliezer E Chávez wrote:<br>
> But after the login, the page will return to http?<br>
><br>
<br>
</div>humm, no because it's the same url :(<br>
<br>
you can also modify the login page to do the POST using https, but that<br>
doesn't solve this.<br>
<br>
sure it's possible, but that will need more modifications I think and I<br>
don't have yet enough time to find which :/<br>
<br>
or ... use full https for you're RT ;)<br>
<div><div></div><div class="Wj3C7c"><br>
_______________________________________________<br>
<a href="http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users" target="_blank">http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users</a><br>
<br>
Community help: <a href="http://wiki.bestpractical.com" target="_blank">http://wiki.bestpractical.com</a><br>
Commercial support: <a href="mailto:sales@bestpractical.com">sales@bestpractical.com</a><br>
<br>
<br>
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.<br>
Buy a copy at <a href="http://rtbook.bestpractical.com" target="_blank">http://rtbook.bestpractical.com</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Eliezer E Chávez<br>+58-416-6125676<br><a href="mailto:eliezer.chavez@gmail.com">eliezer.chavez@gmail.com</a><br>>><a href="http://www.bumeran.com.ve/cv/eliezer-chavez">http://www.bumeran.com.ve/cv/eliezer-chavez</a><br>