From 158c6c3ac8a8975741587b55a298f10e632e993e Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 26 Feb 2009 01:59:05 -0500 Subject: detect sslcookie set and no https This is likely a misconfiguration and can cause login to fail as the browser refuses the send the session cookie back over http. Not entirely happy with putting the check where I did, since users have to try to log in, and fail, to see the misconfiguration explained. But I could not find a better place to put the check. --- IkiWiki/CGI.pm | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm index 3000ed100..04f24b04f 100644 --- a/IkiWiki/CGI.pm +++ b/IkiWiki/CGI.pm @@ -142,7 +142,12 @@ sub cgi_postsignin ($$) { exit; } else { - error(gettext("login failed, perhaps you need to turn on cookies?")); + if ($config{sslcookie} && ! $q->https()) { + error(gettext("probable misconfiguration: sslcookie is set, but you are attepting to login via http, not https")); + } + else { + error(gettext("login failed, perhaps you need to turn on cookies?")); + } } } -- cgit v1.2.3