Package: redmine Version: 0.9.4-1 Severity: important Hi,
I ran today into a odd problem. My users where able to login but for some operation the get an "Invalid form authenticity token" error. I also discovered that redmine was setting several cookies instead of only one. After some search I figured out that: DefaultInitEnv RAILS_RELATIVE_URL_ROOT "" was set in my apache config, commenting this directive fix everything. In config/environment.rb there is :session_path => ENV['RAILS_RELATIVE_URL_ROOT'] ? ENV['RAILS_RELATIVE_URL_ROOT'] : '/' which check if RAILS_RELATIVE_URL_ROOT is set or not (but not if it's empty). I've found a patch on http://www.redmine.org/issues/3968 where it check if it's empty or not, which seems a better approach as it seems that firefox and IE interpret differently the fact that the cookie path is empty. Regards Laurent Bigonville -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org