Redmine authentication are confused by .illumos.org vs www.
|Assignee:||Sergey Generalov||% Done:|
After logging into Redmine via https://illumos.org/login (with stored cookie), subsequently loading a http://www.illumos.org/ URL will show the user as logged out, and vice versa. This is extremely annoying when issue links are provided externally. Maybe there should just be one canonical domain name.
#1 Updated by Matt Lewandowsky over 7 years ago
Ideally, Redmine should be setting a non-secure cookie for .illumos.org as that should work for both HTTP and HTTPS, and also covering all illumos.org subdomains. I could probably do this trivially if I had access to a testing illumos-configured Redmine server.
Also available in: Atom