Fred Bacon wrote: > I just upgraded my company's Roundcube installation from 0.5.3 to 0.7, > and I have an interesting problem. > > We have the force_https option set to true. In the past, if you went to > the unencrypted address and tried to login, you would be redirected to > the encrypted connection, and your login would succeed. > > Now, if you go to the http address and try to login, you are not > redirected to the encrypted connection, and you get an error stating > that "Your session is invalid or expired" when you try to login. > > Can anyone else confirm this error? It's not a show stopper, but it is > a little annoying that the behavior is different. I'm sure to get > complaints on Monday. *sigh*
Works for me with 0.7 and current trunk version. The only change which affected the code responsible for the redirect was the additional support for X-Forwarded-Proto headers for load-balanced environments. ~Thomas -- List info: http://lists.roundcube.net/users/ BT/8f4f07cd
