Am 28.12.2012 20:33, schrieb Benny Pedersen: > Reindl Harald skrev den 2012-12-28 20:22: > >> because cookies are DOMAIN based >> the domain is the same > > and you are not using roundcube ? > > if roundcube have this kind of security problems please dokument it as a > ticket so it gets fixed in php code, for > the apache setup i still keep what i say to not use redirecting
this has NOTHING to do with roundcube it is your lacking knowledge of HTTP basics only idiots would configure a different docroot and hope that whatever used software is respsonsible to make sure that the browser only send abck cookies over https while skilled admins make sure this case in the docroot configuration independent of any script running on the host
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Roundcube Users mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/users
