From: Jean-Philippe Lang Date: Wed, 7 Oct 2015 19:43:12 +0000 (+0000) Subject: Set autologin cookie as secure by default when using https (#20935). X-Git-Tag: 3.2.0~199 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=8369b6b13333e4dde69eddbb4a1fe8b9caa2755c;p=redmine.git Set autologin cookie as secure by default when using https (#20935). git-svn-id: http://svn.redmine.org/redmine/trunk@14648 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index d5e0f30e2..26121ce4a 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -265,11 +265,15 @@ class AccountController < ApplicationController

 def set_autologin_cookie(user)
 token = Token.create(:user => user, :action => 'autologin')
+ secure = Redmine::Configuration['autologin_cookie_secure']
+ if secure.nil?
+ secure = request.ssl?
+ end
 cookie_options = {
 :value => token.value,
 :expires => 1.year.from_now,
 :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
- :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
+ :secure => secure,
 :httponly => true
 }
 cookies[autologin_cookie_name] = cookie_options
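Review bot: The new fallback `secure = request.ssl?` in set_autologin_cookie only sets the Secure flag when the application itself sees the request as HTTPS, so behind a TLS-terminating proxy that does not forward the scheme (a header such as `X-Forwarded-Proto`) the autologin cookie would still be issued without it. A comment above the fallback would make that dependency visible, for example `# nil means not configured: follow the request scheme; set autologin_cookie_secure explicitly when TLS is terminated upstream`. The configured value is also now passed through without the old `? true : false` coercion, so a non-boolean setting reaches the cookie options as-is; `:secure => !!secure` would keep the previous normalisation. The method's closing `end` lies outside the hunk.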