I am at the mercy of my system admins at the moment, so please hold off on the suggestions that I take an axe to the reverse proxy, because I am heartily in agreement.
We have a reverse proxy separating the server running our website and the one that serves the ~username directories on that same domain. These are on different subdomains (cms vs. www).
Mint installed and worked just fine, but we had to implement some rewrite rules for https:// (for PCI compliance), and that caused some login problems with Mint. You could visit the login screen, authenticate, and then the main Mint screen would display for a moment, and then abruptly redirect to the login screen.
Sounds like a cookie issue, so I cleared cookies and session cookies, and the problem persisted. I dug around and found that the cookie was being set for the cms server, but was invalid on www (where all rewrites go).
I dug around in the cookie code of Mint, and made the following change in the bakeCookie() function /mint/app/lib/mint.php
Original:
$currentDomain = preg_replace('/(^www\.|:\d+$)/', '', (!empty($_SERVER["HTTP_HOST"]) && $_SERVER["HTTP_HOST"]!=$_SERVER['SERVER_NAME'])?$_SERVER["HTTP_HOST"]:$_SERVER['SERVER_NAME']);
Patch:
$currentDomain = preg_replace('/(^www\.|:\d+$)/', '', (!empty($_SERVER["HTTP_HOST"]) && $_SERVER["HTTP_HOST"]!=$_SERVER['SERVER_NAME'])?$_SERVER["HTTP_HOST"]:$_SERVER['HTTP_X_FORWARDED_HOST']);
Obviously, I’d much rather not patch this; “I patched X” readme files are never read until something breaks. Is there some better way to address the problem?
