Ok, I just checked the xwiki.cfg
> #--------------------------------------- > # Authentication and authorization > # > > #-# Enable to allow superadmin. It is disabled by default as this could be > a > #-# security breach if it were set and you forgot about it. Should only be > enabled > #-# for recovering the Wiki when the rights are completely messed. > xwiki.superadminpassword=system > > #-# Authentication type. You can use 'basic' to always use basic > authentication. > # xwiki.authentication=form > > #-# Indicate if the authentication has do be done for each request > #-# 0: the default value, authentication is done only once by session. > #-# 1: the authentication is done for each request. > # xwiki.authentication.always=0 > > #-# Cookie encryption keys. You SHOULD replace these values with any > random string, > #-# as long as the length is the same. > xwiki.authentication.validationKey=totototototototototototototototo > xwiki.authentication.encryptionKey=titititititititititititititititi > > #-# Comma separated list of domains for which authentication cookies are > set. This > #-# concerns mostly wiki farms. The exact meaning is that when a user logs > in, if > #-# the current domain name corresponding to the wiki ends with one of the > entries > #-# in this parameter, then the cookie is set for the larger domain. > Otherwise, it > #-# is set for the exact domain name of the wiki. > #-# > #-# For example, suppose the cookiedomains is set to "mydomain.net". If I > log in > #-# on wiki1.xwiki.com, then the cookie will be set for the entire > mydomain.net > #-# domain, and if I visit wiki2.xwiki.com I will still be authenticated. > If I log > #-# in on wiki1.otherdomain.net, then I will only be authenticated on > #-# wiki1.otherdomain.net, and not on wiki2.otherdomain.net. > #-# > #-# So you need this parameter set only for global authentication in a > #-# farm, there's no need to specify your domain name otherwise. > #-# > #-# Example: xwiki.authentication.cookiedomains=xwiki.org,myxwiki.org > xwiki.authentication.cookiedomains= If I read this correctly the keys aren't at their default, because they aren't commented out? I haven't touched the .cfg up to now. -- View this message in context: http://xwiki.475771.n2.nabble.com/User-Session-not-sticky-behind-IIS8-Reverse-Proxy-tp7588975p7588978.html Sent from the XWiki- Users mailing list archive at Nabble.com. _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
