PHPCRED-28: Users won't be able to log-in if they access through a reverse proxy using a different hostname

Issue Information

Issue Type: Bug
Priority: Major
Status: Closed

Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Project: PHPCredlocker (PHPCRED)
Resolution: Done (2014-08-05 11:28:05)
Affects Version: 1.15,
Target version: 1.25,
Components: Authentication ,

Created: 2014-08-05 11:18:09
Time Spent Working

If Credlocker is configured behind a reverse proxy, on a different hostname to that used by the back-end server, cookies set by Credlocker will not be valid and so the user will continually be told that their session is invalid.

Discovered whilst testing RIM-23

Toggle State Changes


Added a new config file field 'CredlockerHost'. If not empty (and not DEFAULT) it overrides the hostname used to set cookies.
btasker changed status from 'Open' to 'Resolved'
btasker added 'Done' to resolution
btasker changed status from 'Resolved' to 'Closed'