merged sslcookie-auto

author Joey Hess <joey@kitenet.net>

Mon, 29 Nov 2010 20:32:23 +0000 (16:32 -0400)

committer Joey Hess <joey@kitenet.net>

Mon, 29 Nov 2010 20:32:23 +0000 (16:32 -0400)
author Joey Hess <joey@kitenet.net>
Mon, 29 Nov 2010 20:32:23 +0000 (16:32 -0400)
committer Joey Hess <joey@kitenet.net>
Mon, 29 Nov 2010 20:32:23 +0000 (16:32 -0400)
diff --git a/debian/changelog b/debian/changelog

index ec995a08aaa731d599badc17b720d8bbe59ca4f6..82f9ece19b12078c491c5b36b8556f023a2006df 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,9 @@ ikiwiki (3.20101130) UNRELEASED; urgency=low
    * API: urlto without a defined second parameter now generates an url
      that starts with "/" (when possible; eg when the site's url and cgiurl
      are on the same domain).
+  * Now when users log in via https, ikiwiki sends a secure cookie, that can
+    only be used over https. If the user switches to using http, they will
+    need to re-login. (smcv)
  
   -- Joey Hess <joeyh@debian.org>  Mon, 29 Nov 2010 14:44:13 -0400
  
diff --git a/doc/todo/use_secure_cookies_for_ssl_logins.mdwn b/doc/todo/use_secure_cookies_for_ssl_logins.mdwn

index f72b2d2d5df11f840c3398e469af3955d874e268..194db2f36c2392bb23b8fab782580159da617609 100644 (file)
--- a/doc/todo/use_secure_cookies_for_ssl_logins.mdwn
+++ b/doc/todo/use_secure_cookies_for_ssl_logins.mdwn
@@ -32,3 +32,5 @@ get a secure session cookie, but if you log in over HTTP, you won't.
  > first, so that dual https/http sites can better be set up. --[[Joey]]
  
  >> Thanks for merging that! :-) --s
+
+[[merged|done]] --[[Joey]]
author	Joey Hess <joey@kitenet.net>
	Mon, 29 Nov 2010 20:32:23 +0000 (16:32 -0400)
committer	Joey Hess <joey@kitenet.net>
	Mon, 29 Nov 2010 20:32:23 +0000 (16:32 -0400)
debian/changelog		patch \| blob \| history
doc/todo/use_secure_cookies_for_ssl_logins.mdwn		patch \| blob \| history