Closed praneet12 closed 5 years ago
this is a critical security vulnerability btw.
how to fix:
run this:
docker-compose exec cachet cat /etc/nginx/conf.d/default.conf > nginx.conf
it will create a copy of the nginx config within the container.
then in your docker-compose.yml just set this:
volumes:
- ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
then edit the nginx.conf
replace fastcgi_cache microcache;
with fastcgi_cache off;
do a docker-compose up -d
and voila. now you don't leak your sessions.
should have been fixed with #311
I have setup the cachet locally it works fine. But when I do the same using docker then session is not persistent. I am able to fetch someones others account in Cachet. Sometimes if someones login one account gets automatically logouts.