Jo-Philipp Wich e1932592c3 luci-base: use different cookie names for HTTP and HTTPS ... Since HTTP cookies may not overwrite HTTPS ("secure") ones, users are frequently unable to log into LuCI when a stale, "secure" `sysauth` cookie is still present in the browser as it commonly happens after e.g. a sysupgrade operation or when frequently jumping between HTTP and HTTPS access. Rework the dispatcher to set either a `sysauth_http` or `sysauth_https` cookie, depending on the HTTPS state of the server connection and accept both cookie names when verifying the session ID. This allows users to log into a HTTP-only LuCI instance while a stale, "secure" HTTPS cookie is still present. Requires commit 2b0539ef9d ("lucihttp: update to latest Git HEAD") to function properly. Fixes: #5843 Signed-off-by: Jo-Philipp Wich <jo@mein.io>		2022-07-08 15:38:53 +02:00
..
libexec/rpcd	luci-base: fix DSL feature detection	2022-05-03 14:55:00 +02:00
share	luci-base: use different cookie names for HTTP and HTTPS	2022-07-08 15:38:53 +02:00