wiki:SecSessionPlugin

Maintain a secure session for authenticated user

Description

This is a Trac plugin to lock an authenticated user into using a secure browser session, ie where the web address starts with https://.

Bugs/Feature Requests

Existing bugs and feature requests for SecSessionPlugin are here.

If you have any issues, create a new ticket.

defect

2 / 2

task

0 / 1

Download

Download the zipped source from here.

Source

You can check out SecSessionPlugin from here using Subversion, or browse the source with Trac.

Installation

General instructions on installing Trac plugins can be found on the TracPlugins page.

Configuration

Requires setup in your trac.ini file as follows:

[components]
secsession.* = enabled

The web server must also be configured to only allow access to the login url via https. An example rewrite rule for apache might look like the following:

RewriteEngine On
RewriteRule ^/login https://%{SERVER_NAME}/login [L]

Comments/Discussion

This works great and is very useful (I'm using it with trac 0.9.5), just one issue I'd like to know if anyone has found a workaround for: normally in trac when you click on "login", after the login you stay on the page you were on. With the suggested setup here people always get moved to the base of the wiki. Anyone found a way to get back to the original trac behavior?

I'd like to know if it works with tracd, too.

Recent Changes

1500 by pacopablo on 2006-11-10 04:39:15

SecSessionPlugin:

  • Commited version contributed by csabahenk
1339 by pacopablo on 2006-10-04 16:46:00

SecSessionPlugin:

  • Fixed double port number.
  • orig_uri is not being populated properly.
1336 by pacopablo on 2006-10-04 09:19:43
SecSessionPlugin:

Created 0.10 branch

(more)

Author/Contributors

Author: pacopablo
Maintainer: none (needsadoption)
Contributors: csabahenk

Last modified 12 hours ago Last modified on Dec 7, 2016, 12:32:29 AM