PHPCRED-28: Users won't be able to log-in if they access through a reverse proxy using a different hostname

Issue Type: Bug

Priority: Major

Status: Closed

Reported By:

Ben Tasker

Assigned To:

Ben Tasker

Project: PHPCredlocker (PHPCRED)

Resolution: Done (2014-08-05 11:28:05)

Affects Version: 1.15,

Target version: 1.25,

Components: Authentication ,

Created: 2014-08-05 11:18:09

Time Spent Working

Include Subtasks

Description

If Credlocker is configured behind a reverse proxy, on a different hostname to that used by the back-end server, cookies set by Credlocker will not be valid and so the user will continually be told that their session is invalid.

Discovered whilst testing RIM-23

Toggle State Changes

Activity

Ben Tasker
Permalink
2014-08-05 11:27:52

Added a new config file field 'CredlockerHost'. If not empty (and not DEFAULT) it overrides the hostname used to set cookies.

PHPCRED-28: Users won't be able to log-in if they access through a reverse proxy using a different hostname

Issue Information

Activity