[rt-users] SelfService users need to login twice

ktm at rice.edu ktm at rice.edu
Fri May 13 17:07:38 EDT 2011


> > > > > 
> > > > > This was a fix for users going to http://rt.server/ and logging in and
> > > > > losing the cookie when being redirected by mod_perl to
> > > > > http://rt.server/SelfService/
> > > > > 
> > > > > Again, not sure what fix you applied, so it's hard to comment further.
> > > > 
> > > > It was the 3.8 session fixation patch.
> > > 
> > > So, that fixed the double login or caused it?
> > 
> > It caused it. I removed the second half of the test in the unless
> > just like the mention in the thread. Then it worked again, but 
> > with what consequences?
> 
> That change should be fine.
> 
> The actual 3.8.6 (which contains a fix) completely rewrites the code
> path.  Unfortunately, it's hard to comment more on a patch from 2009
> without a lot more digging.
> 
> -kevin

I understand and thank you for taking a quick look. We have an update
to 3.8.10 scheduled.

Regards,
Ken



More information about the rt-users mailing list