B Tasker

PHPCRED-28: Users won't be able to log-in if they access through a reverse proxy using a different hostname



Issue Information

Issue Type: Bug
 
Priority: Major
Status: Closed

Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Project: PHPCredlocker (PHPCRED)
Resolution: Done (2014-08-05 11:28:05)
Affects Version: 1.15,
Target version: 1.25,
Components: Authentication ,

Created: 2014-08-05 11:18:09
Time Spent Working


Description
If Credlocker is configured behind a reverse proxy, on a different hostname to that used by the back-end server, cookies set by Credlocker will not be valid and so the user will continually be told that their session is invalid.

Discovered whilst testing RIM-23


Toggle State Changes

Activity


Added a new config file field 'CredlockerHost'. If not empty (and not DEFAULT) it overrides the hostname used to set cookies.