#7732 Be able to use secure cookies and SSLMiddleware

v1.2.0
closed
sf-2 (994)
General
2015-08-20
2014-10-02
No

SSLMiddleware currently has some SourceForge-specific bits that we should factor out, so anyone can use it.

We should also support secure session cookies, and do so in a way that works with mixed http/https usage. E.g. with a non-secure cookie that acts as a flag indicating a secure session is available and the app can redirect from http->https.

Discussion

  • Dave Brondsema

    Dave Brondsema - 2014-10-06
    • Milestone: forge-oct-3 --> forge-oct-17
     
  • Dave Brondsema

    Dave Brondsema - 2014-10-06
    • status: open --> in-progress
    • assigned_to: Dave Brondsema
    • Size: --> 2
     
  • Dave Brondsema

    Dave Brondsema - 2014-10-07
    • status: in-progress --> code-review
     
  • Dave Brondsema

    Dave Brondsema - 2014-10-07

    allura:db/7732

    SourceForge refactoring lands in forge-classic:db/7732 and config value force_ssl.logged_in = true

     
  • Igor Bondarenko

    Igor Bondarenko - 2014-10-10
    • QA: Igor Bondarenko
     
  • Igor Bondarenko

    Igor Bondarenko - 2014-10-10
    • status: code-review --> in-progress
     
  • Igor Bondarenko

    Igor Bondarenko - 2014-10-10

    It does not work for me with sfx auth provider. I'm getting redirects to a login page trying to access something unavailable to unauthenticated user (e.g. /p/test/admin) and login page says I am already logged in to SourceForge.

    It works with ldap provider, though.

    I guess, since we going to switch sf auth to allura auth soon, that's ok? If it is you can merge this, looks fine to me.

     
  • Dave Brondsema

    Dave Brondsema - 2014-10-10

    Good catch, I will hold on merging this for a few days.

     
  • Dave Brondsema

    Dave Brondsema - 2014-10-17
    • status: in-progress --> closed
     
  • Dave Brondsema

    Dave Brondsema - 2015-01-05
    • Milestone: unreleased --> asf_release_1.2.0
     

Log in to post a comment.