detect sslcookie set and no https

This is likely a misconfiguration and can cause login to fail as the
browser refuses the send the session cookie back over http.

Not entirely happy with putting the check where I did, since users have to
try to log in, and fail, to see the misconfiguration explained. But I could
not find a better place to put the check.

diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index 3000ed1000d1d978fc4ed633da4463de901a2baa..04f24b04f986c2618b0cbf619e09ba7dfbff58ee 100644 (file)
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -142,7 +142,12 @@ sub cgi_postsignin ($$) {
                exit;
        }
        else {
-               error(gettext("login failed, perhaps you need to turn on cookies?"));
+               if ($config{sslcookie} && ! $q->https()) {
+                       error(gettext("probable misconfiguration: sslcookie is set, but you are attepting to login via http, not https"));
+               }
+               else {
+                       error(gettext("login failed, perhaps you need to turn on cookies?"));
+               }
        }
 }