auth: Fix bug with subdomains and GitHub auth causing apparent logouts.

This adds a new setting, SOCIAL_AUTH_SUBDOMAIN, which specifies which
domain should be used for GitHub auth and other python-social-auth
backends.

If one is running a single-realm Zulip server like chat.zulip.org, one
doesn't need to use this setting, but for multi-realm servers using
social auth, this fixes an annoying bug where the session cookie that
python-social-auth sets early in the auth process on the root domain
ends up masking the session cookie that would have been used to
determine a user is logged in.  The end result was that logging in
with GitHub on one domain on a multi-realm server like zulipchat.com
would appear to log you out from all the others!

We fix this by moving python-social-auth to a separate subdomain.

Fixes: #9847.
This commit is contained in:
Aditya Bansal
2018-07-10 11:37:23 +05:30
committed by Tim Abbott
parent 4bbccd8287
commit 9b485f3ef4
8 changed files with 65 additions and 6 deletions
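The cookie-scoping failure the commit message describes, as an added illustration (not Zulip's or python-social-auth's code): two same-named session cookies with different scopes both reach the realm's server, and a name-keyed parse keeps only one of them. The hostnames, cookie values and the assumption that the auth flow's root-domain cookie carries a Domain attribute covering all subdomains are constructed for this example.

```python
import http.cookiejar
from http.cookies import SimpleCookie
from urllib.request import Request

REALM_URL = "https://realm1.zulipchat.com/"  # constructed realm hostname

def make_cookie(name, value, domain, domain_specified):
    # Version-0 cookie as a browser stores it; domain_specified=True models an
    # explicit Domain= attribute (sent to every subdomain), False a host-only one.
    return http.cookiejar.Cookie(
        version=0, name=name, value=value, port=None, port_specified=False,
        domain=domain, domain_specified=domain_specified,
        domain_initial_dot=domain.startswith("."), path="/", path_specified=True,
        secure=False, expires=None, discard=True, comment=None, comment_url=None,
        rest={})

def cookie_header_for(jar, url):
    # The Cookie header a browser holding `jar` would send to `url`.
    req = Request(url)
    jar.add_cookie_header(req)
    return req.get_header("Cookie") or ""

def sessions_sent(header, name="sessionid"):
    # Every value of `name` in the raw header, before any dict collapses them.
    pairs = [p.strip() for p in header.split(";")]
    return [p.split("=", 1)[1] for p in pairs if p.startswith(name + "=")]

def server_session(header, name="sessionid"):
    # A name-keyed parse, as web frameworks do: duplicates collapse to one value.
    parsed = SimpleCookie()
    parsed.load(header)
    return parsed[name].value if name in parsed else None

def before_fix():
    jar = http.cookiejar.CookieJar()
    # The realm's own session: host-only cookie for realm1.zulipchat.com.
    jar.set_cookie(make_cookie("sessionid", "realm1-session", "realm1.zulipchat.com", False))
    # Social-auth session set on the root domain; assumed to carry
    # Domain=.zulipchat.com, so browsers send it to every realm subdomain.
    jar.set_cookie(make_cookie("sessionid", "social-auth-session", ".zulipchat.com", True))
    return cookie_header_for(jar, REALM_URL)

def after_fix():
    jar = http.cookiejar.CookieJar()
    jar.set_cookie(make_cookie("sessionid", "realm1-session", "realm1.zulipchat.com", False))
    # With SOCIAL_AUTH_SUBDOMAIN the auth flow runs on its own subdomain
    # (constructed name) with a host-only cookie, which never reaches realm1.
    jar.set_cookie(make_cookie("sessionid", "social-auth-session", "auth.zulipchat.com", False))
    return cookie_header_for(jar, REALM_URL)
```

Before the fix the realm receives two `sessionid` values and the parse keeps the social-auth one, which is the apparent logout; after the fix only the realm's own session arrives.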


@@ -20,6 +20,9 @@ in bursts.
- Added an organization setting to control who can edit topics.
- Added ctrl+K keyboard shortcut for getting to search (same as /, but
works even when you're inside compose).
- Added the new `SOCIAL_AUTH_SUBDOMAIN` setting, which all servers using
both GitHub authentication and hosting multiple Zulip organizations
should set (see [the docs for details](../production/multiple-organizations.html#social-authentication)).
- Optimized the performance of loading Zulip in an organization with
thousands of users and hundreds of bot users.
- Removed the "Delete streams" administration page; one can delete
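Review bot: the new `SOCIAL_AUTH_SUBDOMAIN` changelog entry reads awkwardly ("all servers using both GitHub authentication and hosting multiple Zulip organizations should set") and names only GitHub, while the commit message says the setting applies to GitHub auth and other python-social-auth backends as well; suggest "all servers that use GitHub or another social authentication backend and host multiple Zulip organizations should set", keeping the docs link as the pointer for details.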