summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/changelog3
-rw-r--r--doc/todo/use_secure_cookies_for_ssl_logins.mdwn2
2 files changed, 5 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index ec995a08a..82f9ece19 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,9 @@ ikiwiki (3.20101130) UNRELEASED; urgency=low
* API: urlto without a defined second parameter now generates an url
that starts with "/" (when possible; eg when the site's url and cgiurl
are on the same domain).
+ * Now when users log in via https, ikiwiki sends a secure cookie, that can
+ only be used over https. If the user switches to using http, they will
+ need to re-login. (smcv)
-- Joey Hess <joeyh@debian.org> Mon, 29 Nov 2010 14:44:13 -0400
diff --git a/doc/todo/use_secure_cookies_for_ssl_logins.mdwn b/doc/todo/use_secure_cookies_for_ssl_logins.mdwn
index f72b2d2d5..194db2f36 100644
--- a/doc/todo/use_secure_cookies_for_ssl_logins.mdwn
+++ b/doc/todo/use_secure_cookies_for_ssl_logins.mdwn
@@ -32,3 +32,5 @@ get a secure session cookie, but if you log in over HTTP, you won't.
> first, so that dual https/http sites can better be set up. --[[Joey]]
>> Thanks for merging that! :-) --s
+
+[[merged|done]] --[[Joey]]