Closed (won't fix)
Project:
Secure Pages
Version:
5.x-1.3
Component:
Code
Priority:
Normal
Category:
Feature request
Assigned:
Reporter:
Created:
1 Sep 2007 at 17:38 UTC
Updated:
22 Aug 2011 at 21:26 UTC
Jump to comment: Most recent file
Many sites might have a SSL cert that is named something besides www.example.com. This patch allows the subdomain of the SSL site to be different than the subdomain of the main site.
Like:
normal site secure site
http://www.example.com https://superduper.example.com
http://www.example.com https://ssl.example.com
http://www.example.com https://checkout.example.com
| Comment | File | Size | Author |
|---|---|---|---|
| #1 | securepages_subdomain1.patch | 4.32 KB | davea |
| securepages_subdomain.patch | 4.47 KB | davea |
Comments
Comment #1
davea commentedHere is an update. Removing the syslog entries as you requested. Your request about adding the SESSIONID in the URL is not included in this update.
Comment #2
davea commentedAfter doing some research, it seems that passing the SESSIONID in the URL is not secure and can lead to session hijacking. Including this feature would be a REAL security problem.
However, I will say that I have been running this on several sites now and it works well. I can update the patch for the latest version. Gordon?
Dave
Comment #3
grendzy commentedThe 5.x branch is no longer supported. If this issue is still present in a current version of Secure Pages, please update the issue summary, change the version field, and re-open the issue.