Closed
Bug 620910
Opened 15 years ago
Closed 14 years ago
Kitsune should automatically switch to https if credentials were already provided in the current session
Categories
(support.mozilla.org :: Knowledge Base Software, task)
Tracking
(Not tracked)
VERIFIED
FIXED
2.9
People
(Reporter: underpass_bugzilla, Assigned: jsocol)
User-Agent: Mozilla/5.0 (X11; U; Linux i686; it; rv:1.9.2.13) Gecko/20101203 Debian Firefox/3.6.13
Build Identifier:
As for the subject: If I am in the Localization Dashboard
http://support.mozilla.com/it/localization
and try to edit an article needing updates, the credentials are required again.
Reproducible: Always
Steps to Reproduce:
1. Delete cookies for support.mozilla.com
2. Login
3. Open Localization Dashboard with http://support.mozilla.com/it/localization
4. Click on a link to an article needing updates (e.g. http://support.mozilla.com/it/kb/Come%20sincronizzare%20le%20impostazioni%20di%20Firefox%20tra%20pi%C3%B9%20computer/edit)
Actual Results:
I'm asked to type login/password again
Expected Results:
Since I'm already in for the session, it should not be necessary.
Comment 1 (Assignee) • 15 years ago
If we set the SUMOloggedin cookie during log-in, there's already a hook in apache to do this.
(SUMOloggedin is a cookie with no particularly meaningful value, that is _not_ secure, so it gets sent on all requests. Not a session cookie but an "o hai there's probably a session" cookie.)
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 2•15 years ago
James, should I also file a bug for being able to select whether you want to stay signed in?
Summary: Kitsune should automatically swith to https if credentials were already provided in the current session → Kitsune should automatically switch to https if credentials were already provided in the current session
Comment 3•14 years ago
This is true of any page in fact. I did this:
1. Google for something "foobar site:support.mozilla.com"
2. Open two tabs (both on http)
3. Log in in one of the tabs and close it
4. Review the other tab and decide to post a reply
5. Reload the page and I'm still not logged in
Updated•14 years ago
Target Milestone: --- → 2.9
Comment 4 (Assignee) • 14 years ago
(In reply to comment #3)
> This is true of any page in fact. I did this:
That's because all pages are served by Kitsune now ;)
Comment 5 (Assignee) • 14 years ago
Actually, let's solve this with middleware in Python. Trying to minimize the Apache specifics.
Updated (Assignee) • 14 years ago
Assignee: nobody → james
Comment 6 (Assignee) • 14 years ago
https://github.com/jsocol/kitsune/compare/dcec7a9...85a641c
Logging in should set a cookie, called sumo_session right now, with a value of 1. That should get sent on both HTTP and HTTPS requests, and if it's sent on an HTTP request, you should be redirected to HTTPS.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Comment 7 (Assignee) • 14 years ago
Logging out should clear the cookie but we never explicitly redirect back to HTTP.
Comment 8•14 years ago
Verified cookie is set/removed based on sign in status, no redirect to HTTP after logging out.
Status: RESOLVED → VERIFIED
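The behaviour described in comments 6 and 7, sketched as a stand-alone WSGI middleware. This is an added example, not the Kitsune commit: the `HttpsForSessions` class, the `https_host` parameter, the `probe` and `kb_app` helpers and the GET/HEAD restriction are assumptions of the example. The marker cookie only triggers the redirect; it is not Secure and must never be treated as proof of authentication.

```python
from http.cookies import CookieError, SimpleCookie
from urllib.parse import quote

MARKER = "sumo_session"  # cookie name from comment 6; value "1", no Secure flag


def has_marker(environ):
    """True if the request carries the 'there is probably a session' cookie."""
    jar = SimpleCookie()
    try:
        jar.load(environ.get("HTTP_COOKIE", ""))
    except CookieError:  # malformed Cookie header: treat the marker as absent
        return False
    return MARKER in jar and jar[MARKER].value == "1"


class HttpsForSessions:
    """WSGI middleware: send marked plain-HTTP requests to the HTTPS site."""

    def __init__(self, app, https_host):
        self.app = app
        self.https_host = https_host  # configured value, never the Host header

    def __call__(self, environ, start_response):
        # Assumption of this example: only GET/HEAD are redirected, because
        # browsers follow a 302 to a POST with a GET and drop the body.
        if (environ.get("wsgi.url_scheme") == "http"
                and environ.get("REQUEST_METHOD") in ("GET", "HEAD")
                and has_marker(environ)):
            # WSGI hands PATH_INFO over as latin-1 decoded bytes; re-encode
            # before quoting so non-ASCII KB slugs survive the redirect.
            path = quote(environ.get("PATH_INFO", "/").encode("latin-1"))
            query = environ.get("QUERY_STRING", "")
            location = f"https://{self.https_host}{path}" + ("?" + query if query else "")
            start_response("302 Found", [("Location", location), ("Content-Length", "0")])
            return [b""]
        return self.app(environ, start_response)


def probe(app, scheme, path, cookie="", method="GET"):
    """Drive a WSGI app with a constructed request; return (status, headers)."""
    seen = {}
    environ = {"wsgi.url_scheme": scheme, "REQUEST_METHOD": method,
               "PATH_INFO": path, "QUERY_STRING": "", "HTTP_COOKIE": cookie}
    app(environ, lambda status, headers: seen.update(status=status, headers=dict(headers)))
    return seen["status"], seen["headers"]


def kb_app(environ, start_response):  # stand-in for the real site
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]
```

Because the redirect target uses a configured host rather than the request's Host header, a forged Host value cannot steer a logged-in user to another origin.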