Apache Allura™

Forge software for hosting software projects

Brought to you by: alexluberg, brondsem, deshani, dill0wn, and 10 others

#7732 Be able to use secure cookies and SSLMiddleware

Milestone: v1.2.0

Status: closed

Owner: Dave Brondsema

Labels: sf-2 (994)

Component: General

Reviewer: Igor Bondarenko

Updated: 2015-08-20

Created: 2014-10-02

Creator: Dave Brondsema

Private: No

SSLMiddleware currently has some SourceForge-specific bits that we should factor out, so anyone can use it.

We should also support secure session cookies, and do so in a way that works with mixed http/https usage. E.g. with a non-secure cookie that acts as a flag indicating a secure session is available and the app can redirect from http->https.

Discussion

Dave Brondsema - 2014-10-06

Milestone: forge-oct-3 --> forge-oct-17
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2014-10-06

status: open --> in-progress

assigned_to: Dave Brondsema

Size: --> 2
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2014-10-07

status: in-progress --> code-review
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2014-10-07

allura:db/7732

SourceForge refactoring lands in forge-classic:db/7732 and config value force_ssl.logged_in = true

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Igor Bondarenko - 2014-10-10

QA: Igor Bondarenko
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Igor Bondarenko - 2014-10-10

status: code-review --> in-progress
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Igor Bondarenko - 2014-10-10

It does not work for me with sfx auth provider. I'm getting redirects to a login page trying to access something unavailable to unauthenticated user (e.g. /p/test/admin) and login page says I am already logged in to SourceForge.

It works with ldap provider, though.

I guess, since we going to switch sf auth to allura auth soon, that's ok? If it is you can merge this, looks fine to me.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2014-10-10

Good catch, I will hold on merging this for a few days.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2014-10-17

status: in-progress --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2015-01-05

Milestone: unreleased --> asf_release_1.2.0
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.