LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > LinuxQuestions.org > LQ Suggestions & Feedback
User Name
Password
LQ Suggestions & Feedback Do you have a suggestion for this site or an idea that will make the site better? This forum is for you.
PLEASE READ THIS FORUM - Information and status updates will also be posted here.

Notices

Reply
 
Search this Thread
Old 03-05-2007, 01:58 AM   #1
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Arrow HTTPS/HTTP Authentication Issue


just noticed something weird... let's say i login to LQ using HTTPS... then i go into my email and click on a link in a LQ "Reply to post" message (or go directly to LQ via HTTP) -- i'll need to login *again* (this time via HTTP)... is this a problem on my end, or can anyone else confirm this behavior??

Last edited by win32sux; 03-05-2007 at 02:04 AM.
 
Old 03-05-2007, 08:37 AM   #2
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,418

Rep: Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628
That's the correct behavior to my understanding. Your browser is sending different cookies back and forth to what are in essence different URI's.

--jeremy
 
Old 03-05-2007, 03:29 PM   #3
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
thanks for the reply!!! yeah, that makes sense... i wonder why i never noticed before... i guess i've always been logged-in using both methods... =/

EDIT: actually, i just did a test and realized the inverse is not true... in other words, if you log-in via HTTP and then switch to HTTPS you'll be fine... you only need to re-login when going from HTTPS to HTTP...

on a side note... what are your thoughts on a checkbox in the user's configuration section which when checked would make it so that the "Reply to post" email messages (or better yet, any LQ message) would use HTTPS links instead of HTTP ones??

Last edited by win32sux; 03-06-2007 at 01:05 AM.
 
Old 03-05-2007, 05:54 PM   #4
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,418

Rep: Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628
I believe a "secure" cookie can be read by both, but not the inverse (which makes sense). We've never fully supported or advertised the SSL address, which is something we should do. I'll look into proper support for a future release. Thanks!

--jeremy
 
Old 03-05-2007, 10:45 PM   #5
Jaqui
Member
 
Registered: Jan 2006
Location: Vancouver BC
Distribution: LFS, SLak, Gentoo, Debian
Posts: 291

Rep: Reputation: 36
Jeremy,
I know I saw on one of the security lists a recommendation that, for security reasons, the entire internet should be defaulted to ssl. The drawback is the reduction in speed.
[ takes a few extra seconds to load an ssl page over a non secured page ]
It would remove phishing / fake site issues almost entirely is the reasoning.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
https with http problem Ameii83 Linux - Newbie 2 06-12-2006 09:26 PM
https works, but not http squeaks_27 Linux - Networking 1 05-31-2005 08:41 PM
http and https wennie Linux - Software 1 04-01-2005 11:47 AM
HTTP to HTTPS shegde Linux - Software 8 01-31-2003 04:29 AM
https or http? antken Programming 3 10-30-2002 05:06 PM


All times are GMT -5. The time now is 03:39 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration