Package: redmine
Version: 0.9.4-1
Severity: important

Hi,

I ran today into a odd problem.

My users where able to login but for some operation the get
an "Invalid form authenticity token" error.

I also discovered that redmine was setting several cookies instead of
only one. After some search I figured out that:
DefaultInitEnv RAILS_RELATIVE_URL_ROOT "" was set in my apache config,
commenting this directive fix everything.

In config/environment.rb there is
:session_path => ENV['RAILS_RELATIVE_URL_ROOT'] ? 
ENV['RAILS_RELATIVE_URL_ROOT'] : '/'
which check if RAILS_RELATIVE_URL_ROOT is set or not (but not if it's
empty). I've found a patch on http://www.redmine.org/issues/3968 where
it check if it's empty or not, which seems a better approach as it
seems that firefox and IE interpret differently the fact that the
cookie path is empty.

Regards

Laurent Bigonville



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to