On Fri, May 13, 2011 at 11:18:52AM -0500, [email protected] wrote: > On Fri, May 13, 2011 at 11:56:19AM -0400, Kevin Falcone wrote: > > On Fri, May 13, 2011 at 10:37:44AM -0500, [email protected] wrote: > > > On Fri, May 13, 2011 at 10:27:05AM -0500, [email protected] wrote: > > > > Hi, > > > > > > > > I am investigating a problem with the SelfService login page where > > > > unprivileged users must login two times in a row for it to succeed. > > > > I found this thread: > > > > > > > > http://www.gossamer-threads.com/lists/rt/users/90794 > > > > > > > > and I think that my issue is the same. Unfortunately, I cannot > > > > find the original patch for 3.8.0 - 3.8.5 that I applied. Does > > > > anyone have a copy of the patch or an idea on how to debug this. > > > > > > > > Regards, > > > > Ken > > > > > > > > > > I had to make the same change to: > > > > > > share/html/Elements/SetupSessionCookie > > > > > > as described in the thread to eliminate the double login. > > > Like the original thread, I am curious if there is a problem > > > with this fix or a better one? I am running 3.8.5. > > > > I'm not sure which fix you're referencing, since my sha1 in that > > thread was for the 3.6 fix, which was a backport of > > 84022062cec889f1cabf1d4a10e28b7b66addf23 from 3.8 > > > > This was a fix for users going to http://rt.server/ and logging in and > > losing the cookie when being redirected by mod_perl to > > http://rt.server/SelfService/ > > > > Again, not sure what fix you applied, so it's hard to comment further. > > > > -kevin > > It was the 3.8 session fixation patch.
So, that fixed the double login or caused it? -kevin
pgpPEtXoSsN9u.pgp
Description: PGP signature
