Uploaded image for project: 'DSpace'
  1. DSpace
  2. DS-1644

xmlui.force.ssl ignored if authenticated user switches from https to http

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.7.3, 1.8.1
    • Fix Version/s: 4.0
    • Component/s: XMLUI
    • Labels:
      None
    • Environment:
      RHEL
    • Attachments:
      0
    • Comments:
      3
    • Documentation Status:
      Not Required

      Description

      While testing, I noticed that my user session was retained if I explicitly switch from https to http in spite of having xmlui.force.ssl set.

      org.dspace.app.xmlui.cocoon.DSpaceCocoonServletFilter contains the following test:
      realRequest.getSession().getAttribute("dspace.current.user.id")

      That session variable is never set in my testings.

      If I use dspace.user.effective, the redirect to https is enforced.

        Attachments

          Activity

            People

            • Assignee:
              mwood Mark H. Wood
              Reporter:
              terrywbrady Terry Brady
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: