search

OrchardCMS / Orchard

Orchard is a free, open source, community-focused Content Management System built on the ASP.NET MVC platform.
https://orchardproject.net
BSD 3-Clause "New" or "Revised" License
2.38k stars 1.12k forks source link

https redirect #1050

Open orchardbot opened 13 years ago

orchardbot commented 13 years ago

@jasper-d created: https://orchard.codeplex.com/workitem/17218

If (forms) authentication require SSL, (AccountController) redirects to http instead of https.

Steps to reproduce:.

  1. Set requireSSL for forms authentication (but don't require SSL for every page)
  2. Log in (coming from insecure http page) using forms auth

Expected: Redirect to https://domain.ext/the_page_you_requested

Actual: Your are redirected to http://domain.ext/the_page_you_requested (you're not logged in because the auth cookie is stored in https context)

This isssue was already discussed here: http://orchard.codeplex.com/Thread/View.aspx?ThreadId=240847

orchardbot commented 13 years ago

@sebastienros commented:

Have you tried using the Orchard SSL module we published on the gallery ?

orchardbot commented 13 years ago

@jasper-d commented:

Yep see here http://orchard.codeplex.com/Thread/View.aspx?ThreadId=240847