This is an automated notification sent by LCG Savannah.
It relates to:
task #8429, project CDS Invenio
==============================================================================
OVERVIEW of task #8429:
==============================================================================
URL:
<http://savannah.cern.ch/task/?8429>
Summary: Final solution to IP address cookie check and
HTTP/HTTPS proxy
Project: CDS Invenio
Submitted by: skaplun
Submitted on: 2008-11-12 11:59
Should Start On: 2008-11-12 00:00
Should be Finished on: 2008-11-12 00:00
Category: WebSession
Priority: 5 - Normal
Status: None
Privacy: Public
Percent Complete: 0%
Assigned to: skaplun
Open/Closed: Open
Discussion Lock: Any
Effort: 0.00
_______________________________________________________
When people are browsing CDS through a web proxy (sometimes they don't have
the ability to disable it) and the proxy is used only for HTTP connections
(or only for HTTPS connections), users appear alternatively with two
different IP addresses causing Invenio websession implementation to kill
their session, for security reasons.
A final solution to this problem could be to store both IP addresses in the
session information, associating it with the HTTP vs HTTPS information. HTTPS
IP address will be compare with HTTPS incoming IP address and correspondingly
for HTTP.
_______________________________________________________
Carbon-Copy List:
CC Address | Comment
------------------------------------+-----------------------------
2195 | -SUB-
==============================================================================
This item URL is:
<http://savannah.cern.ch/task/?8429>
_______________________________________________
Message sent via/by LCG Savannah
http://savannah.cern.ch/
