mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-10 08:52:39 +01:00
No description
ed33e59c5a
Summary: In D758, I tightened the scope for which we issue cookies. Instead of setting them on the whole domain we set them only on the subdomain, and we set them as HTTPS only if the install is HTTPS. However, this can leave the user with a stale HTTP cookie which the browser sends and which never gets cleared. Handle this situation by: - Clear all four <domain, https> pairs when clearing cookies ("nuke it from orbit"). - Clear 'phsid' cookies when they're invalid. Test Plan: Applied a hackier version of this patch to secure.phabricator.com and was able to login with a stale HTTP cookie. Reviewers: jungejason, tuomaspelkonen, aran Reviewed By: jungejason CC: aran, jungejason Differential Revision: 838 |
||
|---|---|---|
| bin | ||
| conf | ||
| externals | ||
| resources | ||
| scripts | ||
| src | ||
| support/aphlict | ||
| webroot | ||
| .arcconfig | ||
| .divinerconfig | ||
| .gitignore | ||
| .gitmodules | ||
| CHANGELOG | ||
| README | ||
Phabricator is a open source collection of web applications which make it easier to write, review, and share source code. Phabricator was developed at Facebook. This is an early release. It's pretty high-quality and usable, but under active development so things may change quickly. You can learn more about the project and find links to documentation and resources at: http://phabricator.org/ LICENSE Phabricator is released under the Apache 2.0 license except as otherwise noted. http://www.apache.org/licenses/LICENSE-2.0