Set autologin cookie as secure by default when using https (#20935).
authorJean-Philippe Lang <jp_lang@yahoo.fr>
Wed, 7 Oct 2015 19:43:12 +0000 (19:43 +0000)
committerJean-Philippe Lang <jp_lang@yahoo.fr>
Wed, 7 Oct 2015 19:43:12 +0000 (19:43 +0000)
git-svn-id: http://svn.redmine.org/redmine/trunk@14648 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/account_controller.rb

index d5e0f30e2e25a6ac6945701087d35c976aa46517..26121ce4a4f9d71b692935b373cce4a5785a7fad 100644 (file)
@@ -265,11 +265,15 @@ class AccountController < ApplicationController
 
   def set_autologin_cookie(user)
     token = Token.create(:user => user, :action => 'autologin')
+    secure = Redmine::Configuration['autologin_cookie_secure']
+    if secure.nil?
+      secure = request.ssl?
+    end
     cookie_options = {
       :value => token.value,
       :expires => 1.year.from_now,
       :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
-      :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
+      :secure => secure,
       :httponly => true
     }
     cookies[autologin_cookie_name] = cookie_options
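Review bot: The new fallback `secure = request.ssl?` only sets the Secure flag when the application itself sees the request as HTTPS. Behind a TLS-terminating reverse proxy that does not pass a forwarded-scheme header (e.g. `X-Forwarded-Proto`), it returns false, so the year-long autologin token cookie is still issued without Secure even though the browser connected over https. I would add a comment above the fallback such as `# nil means not configured: follow the request scheme; set autologin_cookie_secure: true when TLS terminates at a proxy`, and mirror that in the configuration example if one exists. Separately, the configured value is no longer coerced with `? true : false`, so `:secure => !!secure` would keep the option a strict boolean. The body of `set_autologin_cookie` continues past the end of this hunk.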