authorSimo Sorce <simo@redhat.com>2017-02-16 13:29:10 -0500
committerMartin Basti <mbasti@redhat.com>2017-02-17 09:57:23 +0100
commitd0642bfa55e9c24429675f623bc0e35824bc9fb0 (patch)
treee8c98035b98e9bc3468958b4fd71e381522b9ccc
parentb895f4a34bcbd0b1787d2bfc1db25f34c3584b9c (diff)
Deduplicate session cookies in headers
This removes one of the 2 identical copies of the ipa_session cookie Fixes https://fedorahosted.org/freeipa/ticket/6676 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
-rw-r--r--install/conf/ipa.conf5
1 files changed, 5 insertions, 0 deletions
diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf
index f0330c544..635bfe5c6 100644
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -79,6 +79,11 @@ WSGIScriptReloading Off
WSGIApplicationGroup ipa
Header always append X-Frame-Options DENY
Header always append Content-Security-Policy "frame-ancestors 'none'"
+
+ # mod_session always sets two copies of the cookie, and this confuses our
+ # legacy clients, the unset here works because it ends up unsetting only one
+ # of the 2 header tables set by mod_session, leaving the other intact
+ Header unset Set-Cookie
</Location>
# Target for login with internal connections
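Review bot: The added `Header unset Set-Cookie` removes every Set-Cookie header in the table it acts on, not only the duplicate ipa_session one, so any other cookie emitted for this Location through that table is dropped silently. Without the `always` condition mod_headers works on the onsuccess table, and the fix depends on mod_session continuing to write the cookie into both tables; if a later mod_session stops populating the other one, this directive would strip the session cookie entirely and logins would fail. The comment should record that dependency, for example `# acts on the onsuccess table only (no "always"); drops ALL Set-Cookie headers there, re-check after mod_session upgrades`. The enclosing `<Location>` block opens above the hunk, so which other handlers set cookies under it cannot be judged from these lines.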