-
Bug
-
Resolution: Resolved Locally
-
Low
$ wget -O - 'http://stash.acme.com/'
--2013-02-14 15:27:32-- http://stash.acme.com/
Resolving stash.acme.com... [skipped]
Connecting to stash.acme.com|xx.xx.xx.xx|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://stash.acme.com/login [following]
--2013-02-14 15:27:32-- https://stash.acme.com/login
Connecting to stash.acme.com|xx.xx.xx.xx|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6056 (5.9K) [text/html]
Saving to: ‘STDOUT’
See what happened:
1. The browser sends a GET over HTTP (port 80); cookies are not sent, because the cookies are set up for the HTTPS domain.
2. Stash does not find the remember_me and session cookies and sends a redirect to /login.
3. Tomcat forwards HTTP to HTTPS.
As a result, the user has a page on the HTTPS domain, with valid session cookies, but Stash shows him the 'Login' page as if he is not logged in.
Also see STASH-3118 — it is for the same error but from the other side.
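Added example (not part of the original report, and not Stash or Tomcat code): a small Python model of the three steps above, comparing the reported ordering with redirecting to the same path on HTTPS before the login check. It assumes the cookies carry the Secure attribute; the `JSESSIONID` cookie name, the cookie values and the handler functions are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed browser cookie jar. Assumption: the cookies carry the Secure
# attribute, which is what "set up for the HTTPS domain" is taken to mean here.
JAR = [
    {"name": "JSESSIONID", "value": "abc123", "secure": True},   # name assumed
    {"name": "remember_me", "value": "tok456", "secure": True},
]
VALID_SESSIONS = {"abc123"}  # constructed server-side session store


def cookies_for(url, jar=JAR):
    """Return the cookies a browser attaches; Secure ones only over https."""
    is_https = urlsplit(url).scheme == "https"
    return {c["name"]: c["value"] for c in jar if is_https or not c["secure"]}


def render(url, cookies):
    """Application logic shared by both orderings (hypothetical model)."""
    u = urlsplit(url)
    if u.path == "/login":
        return 200, "login page"
    if cookies.get("JSESSIONID") not in VALID_SESSIONS:
        return 302, f"https://{u.netloc}/login"   # original path is lost
    return 200, "dashboard"


def auth_before_upgrade(url, cookies):
    """Ordering from the report: the login check runs on the plain-HTTP hit."""
    return render(url, cookies)


def upgrade_before_auth(url, cookies):
    """Alternative: redirect to the same path on HTTPS, then check the session."""
    u = urlsplit(url)
    if u.scheme == "http":
        return 302, f"https://{u.netloc}{u.path}"
    return render(url, cookies)


def follow(handler, url, max_hops=5):
    """Follow redirects like wget does; return (final URL, page shown)."""
    for _ in range(max_hops):
        status, body = handler(url, cookies_for(url))
        if status != 302:
            return url, body
        url = body
    raise RuntimeError("redirect loop")
```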
[BSERV-3120] HTTP 302 Redirect from HTTP to HTTPS is possible invalid
Resolution | New: Resolved Locally [ 7 ] | |
Status | Original: Needs Triage [ 10030 ] | New: Closed [ 6 ] |