From d0642bfa55e9c24429675f623bc0e35824bc9fb0 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Feb 17 2017 08:57:23 +0000 Subject: Deduplicate session cookies in headers This removes one of the 2 identical copies of the ipa_session cookie Fixes https://fedorahosted.org/freeipa/ticket/6676 Signed-off-by: Simo Sorce Reviewed-By: Alexander Bokovoy --- diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index f0330c5..635bfe5 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -79,6 +79,11 @@ WSGIScriptReloading Off WSGIApplicationGroup ipa Header always append X-Frame-Options DENY Header always append Content-Security-Policy "frame-ancestors 'none'" + + # mod_session always sets two copies of the cookie, and this confuses our + # legacy clients, the unset here works because it ends up unsetting only one + # of the 2 header tables set by mod_session, leaving the other intact + Header unset Set-Cookie # Target for login with internal connections
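Review bot: The added `Header unset Set-Cookie` is not scoped to the ipa_session cookie: it drops every Set-Cookie header in the table it acts on, so any other cookie the WSGI application emits through that table in this block would be silently removed too. As the new comment admits, it also depends on mod_session writing the cookie into both header tables; if a later mod_session emits only one copy, this line could strip the session cookie entirely and break logins. I would name the targeted table explicitly, `Header onsuccess unset Set-Cookie`, and extend the comment with `# Removes ALL Set-Cookie headers from the onsuccess table; revisit if mod_session stops duplicating the cookie`. The enclosing configuration block starts and ends outside the hunk, so which requests are affected cannot be confirmed from these lines.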