mirrors
/
gitblit
mirror of https://github.com/gitblit/gitblit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 43 Wiki Activity
Browse Source

Set secure session cookies when redirecting from HTTP to HTTPS. 

So far for session cookies the secure property was only set when no
HTTP port was opened. This changes to also set it when HTTP is redirected
to the HTTPS port.
tags/merged--secureCookies
Florian Zschocke 7 years ago
parent
90a8d1af6c
commit
60099a42fa
1 changed files with 2 additions and 1 deletions
Split View Show Diff Stats
  1. 2
    1
      src/main/java/com/gitblit/GitBlitServer.java

+ 2
- 1
src/main/java/com/gitblit/GitBlitServer.java View File

@@ -375,7 +375,8 @@ public class GitBlitServer {
HashSessionManager sessionManager = new HashSessionManager();
sessionManager.setHttpOnly(true);
// Use secure cookies if only serving https
sessionManager.setSecureRequestOnly(params.port <= 0 && params.securePort > 0);
sessionManager.setSecureRequestOnly( (params.port <= 0 && params.securePort > 0) ||
(params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) );
rootContext.getSessionHandler().setSessionManager(sessionManager);

// Ensure there is a defined User Service

Write Preview
Loading…
Cancel
Save