Feature #1763
closed
Autologin-cookie should be configurable
Description
Currently the autologin-cookie is generated by ./app/controllers/account_controller.rb. There are currently no configurable settings regarding the autologin-cookie.
These facts currently make the autologin functionality unusable when using multiple (separate) Redmine deployments on one domain under different sub-URIs. It may also interfere with autologin-cookies from other installed apps under the different sub-URIs.
It's possible to hack the account_controller manually in such a way that those properties are getting set for the cookie, but then "it" looks like it breaks something, since after such a hack the cookie isn't deleted any longer when the user logs out. This is possibly caused by the fact that the cookie with such extended properties doesn't match the search-string when the logout-routines are triggered and run (though I'm not sure about that).
I'd propose to make the following properties configurable (or add them) for the autologin-cookie:
1. key
2. path
3. secure
(3) is equal to the request in #982 but I thought it was better to list it here also.
Furthermore, issue #540 is related to this issue too, since it also mentions the behaviour described in this issue.
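
As an added illustration (not part of the original issue or Redmine's code), this Ruby sketch models how a browser stores cookies by name, domain and path: two deployments sharing path "/" overwrite each other's autologin cookie, a per-deployment path isolates them, and a logout that expires the cookie under a different path leaves it in place. The `CookieJar` class, host, sub-URIs and token values are hypothetical.

```ruby
# Toy browser cookie jar (RFC 6265 storage model): a cookie is identified by
# (name, domain, path). Host, paths and token values are constructed.
class CookieJar
  def initialize
    @store = {}
  end

  # Apply one Set-Cookie. Assumption: path falls back to "/" when not given.
  # An expired cookie removes only the entry with the same identity triple.
  def set(name, value, domain:, path: "/", expired: false)
    key = [name, domain, path]
    expired ? @store.delete(key) : @store[key] = value
    self
  end

  # [name, path, value] for every cookie the browser sends with a request.
  def sent_for(domain, request_path)
    hits = @store.select { |(_, d, cpath), _| d == domain && path_match?(cpath, request_path) }
    hits.map { |(name, _, cpath), value| [name, cpath, value] }
  end

  private

  # Cookie path must equal the request path or be a prefix ending at a "/".
  def path_match?(cpath, rpath)
    return true if cpath == rpath
    rpath.start_with?(cpath) && (cpath.end_with?("/") || rpath[cpath.length] == "/")
  end
end

HOST = "example.test" # constructed

# Both deployments use the same name and path "/": the second login overwrites.
def shared_path_collision
  CookieJar.new.set("autologin", "token-a", domain: HOST)
           .set("autologin", "token-b", domain: HOST).sent_for(HOST, "/redmine-a/my/page")
end

# Each deployment scopes the cookie to its own sub-URI.
def scoped_jar
  CookieJar.new.set("autologin", "token-a", domain: HOST, path: "/redmine-a")
           .set("autologin", "token-b", domain: HOST, path: "/redmine-b")
end

# Logout that expires the cookie; the default "/" models a delete with no path.
def after_logout(path: "/")
  scoped_jar.set("autologin", "", domain: HOST, path: path, expired: true)
            .sent_for(HOST, "/redmine-a/my/page")
end
```

Calling `after_logout` with the default path still returns the `/redmine-a` cookie, while `after_logout(path: "/redmine-a")` returns an empty list, so any configurable path has to be used for both setting and deleting the cookie.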
Related issues