Christoph Zwerschke a écrit : > Sophana wrote: > >> I reverted to 0.9.2 because of the cookie clear bug which I couldn't >> find a workaround. >> > > If you provide a test case for that bug, I'll try to fix it in the next > version. > > >>> But this would be redirected to /wk/wk/* and not work anyway? >>> >> No, in my case I only redirect / (^/$) with [PT] rewriting (Pass Through) >> Other urls are not redirected. >> > > >> Here is the rewrite rule (apache 2): >> >> RewriteEngine on >> RewriteRule ^/$ /wk/Main [PT] >> > > Ok. I thought you used something like > > RewriteRule ^/(.*) /wk/$1 [L,PT] > > In your case, since you have to servlet paths, you need to use the least > common path, i.e. set CookiePath explicitly to '/'. > > Maybe we should make '/' the default CookiePath again instead of None > (automatic determination)? This is less secure, but at least it will > always work (Microsoft policy ;-) This issue has already caused too much > confusion in the past. > > Could you tell us more about this security problem?
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Webware-discuss mailing list Webware-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/webware-discuss
