With GL-MT300n-V2 and 3.203-0908, Lucy says "wrong password" if opened in http


After having installed Lucy via “Advanced”, the link to the Lucy interface is taking the protocol (http/https) that you use for the gli-net interface where you open the link from.
But Lucy does not seem to accept a login via http, you can open the Lucy login page, but then it says “wrong password” when you are not in https.

I know you can´t influence the Lucy interface error messages, but you could hardcode “https://” into the link to Lucy at “advanced”.

Where are you seeing the 0908 firmware?

But that beta does not matter, it´s minimum since openwrt-mt300n-v2-3.105

Found out the reason:
Luci is writing a cookie from login named “sysauth”.
If you login with https, it writes this cookie with “isSecure”.
If you return to Luci later without https, login tries to overwrite the cookie, but it can´t as its only accessible by https.


This bug just bit me on Spitz GL-X750 v2 on 3.203.

Why doesn’t the firmware just redirect to HTTPS?

1 Like