Follow-up Comment #9, sr #111062 (group administration): [comment #6 comment #6:] > My cookies: > > savannah.nongnu.org > > SV_THEME=Savannah > redirect_to_https=1 > session_hash=(something) > session_uid=(something) > > All cookies are HttpOnly. Session_hash and session_uid are marked “secure”. All are in domain “savannah.nongnu.org”. > > > savannah.gnu.org > > No SV_THEME cookie. > redirect_to_https=1 |(domain=savannah.gnu.org) > session_hash=(something) (domain=savannah.gnu.org) > session_hash=(something else) (domain=.savannah.gnu.org) > session_uid=(something) (somain=savannah.gnu.org) > session_uid=(the same value) (domain=.savannah.gnu.org) > > All cookies are HttpOnly. Session_hash and session_uid are marked “secure”. Not all in the same domain. > > >
[comment #8 comment #8:] > Thank you, now I can reproduce this. > > [comment #6 comment #6:] > > session_hash=(something else) (domain=.savannah.gnu.org) > ... > > session_uid=(the same value) (domain=.savannah.gnu.org) > > It turns out that these stale cookies override the new ones; I've added some code to remove them. > > Let us see if other people are affected by other bugs. [comment #6 comment #6:] > My cookies: > > savannah.nongnu.org > > SV_THEME=Savannah > redirect_to_https=1 > session_hash=(something) > session_uid=(something) > > All cookies are HttpOnly. Session_hash and session_uid are marked “secure”. All are in domain “savannah.nongnu.org”. > > > savannah.gnu.org > > No SV_THEME cookie. > redirect_to_https=1 |(domain=savannah.gnu.org) > session_hash=(something) (domain=savannah.gnu.org) > session_hash=(something else) (domain=.savannah.gnu.org) > session_uid=(something) (somain=savannah.gnu.org) > session_uid=(the same value) (domain=.savannah.gnu.org) > > All cookies are HttpOnly. Session_hash and session_uid are marked “secure”. Not all in the same domain. > > > _______________________________________________________ Reply to this item at: <https://savannah.nongnu.org/support/?111062> _______________________________________________ Message sent via Savannah https://savannah.nongnu.org/