Am 28.12.2012 20:19, schrieb Benny Pedersen: > Robert Moskowitz skrev den 2012-12-28 20:06: > >> Any connection to http://webmail.foo.com gets returned as >> https://webmail.foo.com It took a bit of reading to get to this >> setup. > > http:// link should be seperate documentroot in apache with a diff content on > that homepage that just say use > https:// to get webmail access
you did still not understand basics if the cookies itself are not flagged with "secure only" the different docroot does not help in any way - you can place any redirect, info-page or whatever to the http:// site but after get the cookie from https:// roundcube and call the http// URL you will send your cookie UNECNRYPTED why? because cookies are DOMAIN based the domain is the same
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Roundcube Users mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/users
