Secure cookies in http mode

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
abatie
Advanced member
Advanced member
Posts: 61
Joined: Thu Aug 07, 2014 12:02 pm

Secure cookies in http mode

Post by abatie »

I'm playing with a development cluster (8.7.11_GA_1854_RHEL7_64) and trying to set it to http mode for testing. I seem to be able to get it into http mode, however, when logging in, it sends a cookie with the Secure attribute:

Set-Cookie: ZM_TEST=true;Secure

As a result, the browser refuses to send the cookie back and the login page pops up a warning that I have cookies disabled. How do I get it to actually work in http mode?

To some extent, I'm glad it's proving very difficult to get it to work insecurely, but it's nuisance in a test environment...
daniele.antolini
Posts: 36
Joined: Fri Jul 08, 2016 7:41 am

Re: Secure cookies in http mode

Post by daniele.antolini »

I've resolved the issue in this way:

1) Go via https to the login page (I've set BOTH mode)
2) Logout from session
3) Try to login via http

For me it works.
User avatar
DualBoot
Elite member
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
Contact:

Re: Secure cookies in http mode

Post by DualBoot »

Hello,

this is a common problem with transferring cookie from proxy to store when HTTPS is enabled with SSL upstream.
Put redirect mode on proxy and both mode on store. This configuration should fix your problem.
Post Reply