- only variables in a non-top namespace survive session cleanup. The logic of the old code assumed that global variables survive the request-cleanup. now, the cached values is kept in the ::acs::* namespace
- undo previous secure-cookie change since it interacts badly in situations where "RestrictLoginToSSLP" is "1" and https is available: In such cases, e.g. the login page is redirected from a http (insecure) url to an https (secure) page. But when later continuing on the http connection, the user appears to be not logged in, since a well-behaved browser does not send the "secure" login coockie over the insecure connection.
Loading ...