mirror of
https://github.com/zulip/zulip.git
synced 2025-11-01 20:44:04 +00:00
9b485f3ef4
This adds a new settings, SOCIAL_AUTH_SUBDOMAIN, which specifies which domain should be used for GitHub auth and other python-social-auth backends. If one is running a single-realm Zulip server like chat.zulip.org, one doesn't need to use this setting, but for multi-realm servers using social auth, this fixes an annoying bug where the session cookie that python-social-auth sets early in the auth process on the root domain ends up masking the session cookie that would have been used to determine a user is logged in. The end result was that logging in with GitHub on one domain on a multi-realm server like zulipchat.com would appear to log you out from all the others! We fix this by moving python-social-auth to a separate subdomain. Fixes: #9847.