Ticket #520 (new task)

Opened 4 years ago

Last modified 4 years ago

Session 443 config in settings.php

Reported by: chris Owned by: jim
Priority: trivial Milestone: Maintenance
Component: Drupal modules & settings Keywords:
Cc: jim, ed Estimated Number of Hours: 0.0
Add Hours to Ticket: 0 Billable?: yes
Total Hours: 0.1

Description

There is this warning displaying at https://www.transitionnetwork.org/admin/reports/status

Settings.php is not setup correctly. With the current configuration of 443 Session module, the following lines must be in settings.php.

      if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
        ini_set('session.cookie_secure', 1);
      }

Based on the check of what is happening with cookies done on ticket:371#comment:34 and ticket:371#comment:36, things are currently working OK: session cookies do have the secure flag set, so I'm a bit confused by this warning message. I also think that the PHP suggested to add to settings.php looks perfectly sensible and should be included. I'm sure we did have it on the old server; however, there are 33 settings.php files on wiki:PuffinServer and I'm not clear which one the live site uses.
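The cookie check described above, confirming that session cookies carry the Secure flag regardless of what the status page reports, can be repeated against a saved block of response headers. This is an added example, not part of the ticket or of the 443 Session module; the cookie-name pattern is an assumption and the sample headers are constructed.

```python
import re

# Assumption: Drupal session cookies are named SESS<32 hex> (HTTP) or
# SSESS<32 hex> (HTTPS); PHPSESSID is PHP's default session name.
SESSION_NAME = re.compile(r"^(S?SESS[0-9a-f]{32}|PHPSESSID)$")

def parse_set_cookie(value):
    """Return (cookie_name, set of lower-cased attribute names)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {part.partition("=")[0].strip().lower() for part in rest if part}
    return name, attrs

def session_cookie_flags(raw_headers):
    """Map each session cookie in a raw response header block to True/False
    depending on whether it carries the Secure attribute."""
    result = {}
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue  # status line, other headers, blank lines
        name, attrs = parse_set_cookie(value)
        if SESSION_NAME.match(name):
            result[name] = "secure" in attrs
    return result

def insecure_session_cookies(raw_headers):
    """Names of session cookies that were set without the Secure attribute."""
    flags = session_cookie_flags(raw_headers)
    return sorted(name for name, ok in flags.items() if not ok)

# Constructed sample responses (not captured from the site in the ticket).
GOOD = """HTTP/1.1 200 OK
Set-Cookie: SSESS0123456789abcdef0123456789abcdef=abc; expires=Fri, 01-Jan-2016 00:00:00 GMT; path=/; Secure; HttpOnly
Set-Cookie: has_js=1; path=/
"""
BAD = """HTTP/1.1 200 OK
Set-Cookie: SESSfedcba9876543210fedcba9876543210=xyz; path=/; HttpOnly
"""

if __name__ == "__main__":
    for label, headers in (("good", GOOD), ("bad", BAD)):
        missing = insecure_session_cookies(headers)
        print(label, missing or "all session cookies are Secure")
```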

Change History

comment:1 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 0.0 to 0.1

comment:2 Changed 4 years ago by jim

  • Priority changed from major to trivial
  • Type changed from defect to task
  • Milestone set to Maintenance

Already reported in my last comment SSL ticket (484), see that for reasoning, and a link to the Drupal.org issue I raised.

It's a false warning and can only be fixed by patching the Session443 module - I plan to submit a patch at some point this summer, but this is not an issue really and should be closed. Downgrading.
