[tor-bugs] #11617 [EFF-HTTPS Everywhere]: HTTPS-E v3.5.1 breaks Sape blog/forum login

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Apr 26 13:54:57 UTC 2014


#11617: HTTPS-E v3.5.1 breaks Sape blog/forum login
----------------------------------+-----------------------------
 Reporter:  Ache                  |          Owner:  pde
     Type:  defect                |         Status:  new
 Priority:  normal                |      Milestone:  HTTPS-E 3.5
Component:  EFF-HTTPS Everywhere  |        Version:
 Keywords:                        |  Actual Points:
Parent ID:                        |         Points:
----------------------------------+-----------------------------
 v3.5.1 accepts user/pass for Sape blog and forum, but then happens nothing
 after redirect, i.e. user is not logged in. Looking into Sape.xml I found:
 <!--
         Nonfunctional subdomains:

                 - blog
                 - forum

 -->
 Well, this is true.
 ...
         <securecookie host="^.*\.sape\.ru$" name=".+" />
 And I think this one line breaks logins because blog.sape.ru and
 forum.sape.ru are not excluded from secure cookie and have normal cookie
 in fact.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11617>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list