Opened 6 years ago

Closed 6 years ago

#12415 closed defect (fixed)

HTTPS Everywhere - redirect loops on TechnologyReview.com

Reported by: brunascle Owned by: zyan
Priority: Medium Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Keywords: httpse-ruleset-bug
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

HTTPS Everywhere causes redirect loops on TechnologyReview.com after authentication.

The specific cause is the <securecookie> in the ruleset. TechnologyReview.com uses two session cookies, one for HTTP and one for HTTPS. Setting the HTTP session cookie to secure-only causes redirect loops between the HTTPS login page and any HTTP page that requires authentication.

Removing <securecookie> from the TechnologyReview.xml ruleset fixes it.

Child Tickets

Change History (1)

comment:1 Changed 6 years ago by zyan

Resolution: fixed
Status: newclosed

Fixed on both git branches.

Note: See TracTickets for help on using tickets.