summaryrefslogtreecommitdiff
path: root/doc/recentchanges/change_61218e338a7517b25fc82697c3a11fff1edb6803._change
blob: b2e825460d04a89d806f9fca04e3e25766a8a48f (plain)
  1. [[!meta author="""http://smcv.pseudorandom.co.uk/"""]]
  2. [[!meta authorurl="""http://smcv.pseudorandom.co.uk/"""]]
  3. [[!meta title="""change to todo/use_secure_cookies_for_ssl_logins on ikiwiki"""]]
  4. [[!meta permalink="http://ikiwiki.info/recentchanges/#change-61218e338a7517b25fc82697c3a11fff1edb6803"]]
  5. <div id="change-61218e338a7517b25fc82697c3a11fff1edb6803" class="metadata">
  6. <span class="desc"><br />Changed pages:</span>
  7. <span class="pagelinks">
  8. <a href="http://git.ikiwiki.info/?p=ikiwiki;a=blobdiff;f=doc/todo/use_secure_cookies_for_ssl_logins.mdwn;h=a91a15b987874ac3b160b6689322d508a51272d8;hp=0000000000000000000000000000000000000000;hb=61218e338a7517b25fc82697c3a11fff1edb6803;hpb=9180381728e252cf474eb8a4b0460755b5c28340" title="diff" rel="nofollow">[[diff|wikiicons/diff.png]]</a><a href="http://ikiwiki.info/ikiwiki.cgi?page=todo%2Fuse_secure_cookies_for_ssl_logins&amp;do=goto" rel="nofollow">todo/use secure cookies for ssl logins</a>
  9. </span>
  10. <span class="desc"><br />Changed by:</span>
  11. <span class="committer">
  12. <a href="http://smcv.pseudorandom.co.uk/" rel="nofollow">smcv</a>
  13. </span>
  14. <span class="desc"><br />Commit type:</span>
  15. <span class="committype">web</span>
  16. <span class="desc"><br />Date:</span>
  17. <span class="changedate"><span class="relativedate" title="Tue, 23 Nov 2010 23:59:03 +0000">23:59:03 11/23/10</span></span>
  18. <span class="desc"><br /></span>
  19. </div>
  20. <span class="revert">
  21. <a href="http://ikiwiki.info/ikiwiki.cgi?rev=61218e338a7517b25fc82697c3a11fff1edb6803&amp;do=revert" title="revert" rel="nofollow">[[revert|wikiicons/revert.png]]</a>
  22. </span>
  23. <div class="changelog">
  24. another branch<br />
  25. </div>
  26. <div class="diff">
  27. <pre>
  28. diff --git a/doc/todo/use_secure_cookies_for_ssl_logins.mdwn b/doc/todo/use_secure_cookies_for_ssl_logins.mdwn
  29. new file mode 100644
  30. index 0000000..a91a15b
  31. --- /dev/null
  32. +++ b/doc/todo/use_secure_cookies_for_ssl_logins.mdwn
  33. @@ -0,0 +1,12 @@
  34. +&#91;&#91;!template id=gitbranch branch=smcv/ready/sslcookie-auto author=&quot;&#91;&#91;smcv&#93;&#93;&quot;&#93;&#93;
  35. +&#91;&#91;!tag patch&#93;&#93;
  36. +
  37. +At the moment `sslcookie =&gt; 0` never creates secure cookies, so if you log in
  38. +with SSL, your browser will send the session cookie even over plain HTTP.
  39. +Meanwhile `sslcookie =&gt; 1` always creates secure cookies, so you can&#39;t
  40. +usefully log in over plain http.
  41. +
  42. +This branch adds `sslcookie =&gt; 0, sslcookie_auto =&gt; 1` as an option; this
  43. +uses the `HTTPS` environment variable, so if you log in over SSL you&#39;ll
  44. +get a secure session cookie, but if you log in over HTTP, you won&#39;t.
  45. +(The syntax for the setup file is pretty rubbish - any other suggestions?)
  46. </pre>
  47. </div>
  48. <!-- 61218e338a7517b25fc82697c3a11fff1edb6803 -->