Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-9394

Option to disable "secure" cookie when using HTTPS just for login page


    • 8
    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Confluence's "remember me" tickbox doesn't work if the login page is secure, but the rest of the application is unsecured.

      Seraph's CookieUtils.setCookie() method create a secure cookie (ref) if the request had a secure URL, and this cookie isn't sent by the client to a non-secure address.

      The solution to this ticket is to upgrade Confluence to use Seraph to 0.10 or later.

            Unassigned Unassigned
            stephenmorad Stephen Morad
            1 Vote for this issue
            2 Start watching this issue