Set secure session cookies when redirecting from HTTP to HTTPS.merged--secureCookies

So far for session cookies the secure property was only set when no HTTP port was opened. This changes to also set it when HTTP is redirected to the HTTPS port.
author: Florian Zschocke <florian.zschocke@devolo.de> 2016-12-10 11:30:28 +0100
committer: Florian Zschocke <florian.zschocke@devolo.de> 2016-12-10 11:30:28 +0100
commit: 60099a42faf7c34edb4651253cdb1a7723fbf029 (patch)
tree: 69d5267a8084c1941591918cd8108df97671ad2c
parent: 90a8d1af6c202c8efcca5a0fdaf341494cb0b8eb (diff)
download: gitblit-60099a42faf7c34edb4651253cdb1a7723fbf029.tar.gz
gitblit-60099a42faf7c34edb4651253cdb1a7723fbf029.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/main/java/com/gitblit/GitBlitServer.java b/src/main/java/com/gitblit/GitBlitServer.java
index d56d9c0c..6123a872 100644
--- a/src/main/java/com/gitblit/GitBlitServer.java
+++ b/src/main/java/com/gitblit/GitBlitServer.java
@@ -375,7 +375,8 @@ public class GitBlitServer {
 		HashSessionManager sessionManager = new HashSessionManager();
 		sessionManager.setHttpOnly(true);
 		// Use secure cookies if only serving https
-		sessionManager.setSecureRequestOnly(params.port <= 0 && params.securePort > 0);
+		sessionManager.setSecureRequestOnly( (params.port <= 0 && params.securePort > 0) ||
+				(params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) );
 		rootContext.getSessionHandler().setSessionManager(sessionManager);
 
 		// Ensure there is a defined User Service
author	Florian Zschocke <florian.zschocke@devolo.de>	2016-12-10 11:30:28 +0100
committer	Florian Zschocke <florian.zschocke@devolo.de>	2016-12-10 11:30:28 +0100
commit	60099a42faf7c34edb4651253cdb1a7723fbf029 (patch)
tree	69d5267a8084c1941591918cd8108df97671ad2c
parent	90a8d1af6c202c8efcca5a0fdaf341494cb0b8eb (diff)
download	gitblit-60099a42faf7c34edb4651253cdb1a7723fbf029.tar.gz gitblit-60099a42faf7c34edb4651253cdb1a7723fbf029.zip