author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2015-10-07 19:43:12 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2015-10-07 19:43:12 +0000 |
commit | 8369b6b13333e4dde69eddbb4a1fe8b9caa2755c (patch) | |
tree | 944d53543dc1832ea776035c2330f2576228e2c3 | |
parent | b0be968d36f530e4822733f2e012c6a3bdc6076e (diff) | |
Set autologin cookie as secure by default when using https (#20935).
git-svn-id: http://svn.redmine.org/redmine/trunk@14648 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r-- | app/controllers/account_controller.rb | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index d5e0f30e2..26121ce4a 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -265,11 +265,15 @@ class AccountController < ApplicationController
 def set_autologin_cookie(user)
 token = Token.create(:user => user, :action => 'autologin')
+ secure = Redmine::Configuration['autologin_cookie_secure']
+ if secure.nil?
+ secure = request.ssl?
+ end
 cookie_options = {
 :value => token.value,
 :expires => 1.year.from_now,
 :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
- :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
+ :secure => secure,
 :httponly => true
 }
 cookies[autologin_cookie_name] = cookie_options |
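Review bot: The fallback `secure = request.ssl?` only helps when Rails itself sees the request as HTTPS, so where TLS is terminated at a proxy that does not pass the original scheme on (for example in `X-Forwarded-Proto`) the autologin cookie is still issued without the Secure flag. That dependency deserves a comment above the `if secure.nil?` block, e.g. `# Not configured: follow the scheme of the current request. Set autologin_cookie_secure: true explicitly when TLS ends at a proxy.` The raw configuration value is also passed to `:secure` without the boolean coercion the removed line had; `:secure => (secure ? true : false)` would keep that. The diffstat lists only this file, so no test appears to pin the nil, true and false cases. The method's closing `end` lies outside the hunk.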