Defect #6583

Separate non-subURI Redmine instances on the same machine cannot be logged into at once

Added by Pierce Morton almost 11 years ago.

Status: New
Start date: 2010-10-06
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: -
Estimated time: 2.00 hours
Target version: -
Resolution:
Affected version: 1.0.2

Description

This problem is trivial to reproduce.

Create two separate Redmine folders from the 1.02 package.

Initialise both as Redmine instances using the standard procedures, and run them with WEBrick or Mongrel on two different ports (so one is on machine:1234 and the other on machine:3000).

Log into one, move around a bit, then log into the other. Switch back to the first one and click a link. You will be taken to the login screen.

Apparently the original 'setcookie' specification ignores ports, so one instance clobbers the other's session cookie.

Proposed resolution:
I took a look at the Redmine code. The session seems to be always set with a name '_redmine_session' and a randomly generated secret.
What I propose is this:
Edit the rake task in 'initialisers.rake' to accept a single argument for an identifier for the instance. This identifier is appended to the '_redmine_session' string during code generation. Thus each Redmine instance doesn't stomp on the other's cookie even if they are hosted on the same machine.

This also provides a cleaner solution to #3968 that avoids hand-editing code.
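
The collision described in this report, modelled as an added example (it is not Redmine code and not part of the original report): one browser cookie jar keyed by host and name, two instances on different ports, each signing its session cookie with its own secret. The `Instance` class, the `user--HMAC` cookie format, the user name and the suffixed cookie names are assumptions made for illustration.

```ruby
require 'openssl'
require 'securerandom'
require 'uri'

# Browser-side model: a stored cookie is keyed by host and name. The port of
# the server that set it is not part of the key; path is fixed at "/" here.
def jar_key(url, name)
  [URI(url).host, name]
end

# Server-side model (hypothetical class, not Redmine code): the session lives
# in the cookie itself, signed with this instance's own random secret.
class Instance
  def initialize(url, cookie_name)
    @key = jar_key(url, cookie_name)
    @secret = SecureRandom.hex(32)
  end

  def login(jar, user)
    jar[@key] = "#{user}--#{sign(user)}"
  end

  # Returns the logged-in user, or nil when the cookie is absent or was
  # signed by another instance (the browser is then sent to the login page).
  def current_user(jar)
    user, mac = jar[@key].to_s.split('--', 2)
    user if mac && OpenSSL.secure_compare(mac, sign(user))
  end

  private

  def sign(data)
    OpenSSL::HMAC.hexdigest('SHA256', @secret, data)
  end
end

# Log in to instance A, then B, in one browser (one jar) and return the user
# each instance still recognises afterwards.
def simulate(name_a, name_b)
  jar = {}
  a = Instance.new('http://machine:1234/', name_a)
  b = Instance.new('http://machine:3000/', name_b)
  a.login(jar, 'alice')
  b.login(jar, 'alice')
  [a.current_user(jar), b.current_user(jar)]
end

p simulate('_redmine_session', '_redmine_session')
p simulate('_redmine_session_a', '_redmine_session_b')
```

With the shared name, the first instance receives a cookie signed by the second and rejects it; with distinct names both sessions survive in the same jar.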
