[rt-users] SelfService users need to login twice
ktm at rice.edu
ktm at rice.edu
Fri May 13 17:07:38 EDT 2011
> > > > >
> > > > > This was a fix for users going to http://rt.server/ and logging in and
> > > > > losing the cookie when being redirected by mod_perl to
> > > > > http://rt.server/SelfService/
> > > > >
> > > > > Again, not sure what fix you applied, so it's hard to comment further.
> > > >
> > > > It was the 3.8 session fixation patch.
> > >
> > > So, that fixed the double login or caused it?
> >
> > It caused it. I removed the second half of the test in the unless
> > just like the mention in the thread. Then it worked again, but
> > with what consequences?
>
> That change should be fine.
>
> The actual 3.8.6 (which contains a fix) completely rewrites the code
> path. Unfortunately, it's hard to comment more on a patch from 2009
> without a lot more digging.
>
> -kevin
I understand and thank you for taking a quick look. We have an update
to 3.8.10 scheduled.
Regards,
Ken
More information about the rt-users
mailing list