Set autologin cookie as secure by default when using https (#20935)....
Jean-Philippe Lang -
r14266:8369b6b13333
@@ -265,11 +265,15 class AccountController < ApplicationController
265
265
266 def set_autologin_cookie(user)
266 def set_autologin_cookie(user)
267 token = Token.create(:user => user, :action => 'autologin')
267 token = Token.create(:user => user, :action => 'autologin')
268 secure = Redmine::Configuration['autologin_cookie_secure']
269 if secure.nil?
270 secure = request.ssl?
271 end
268 cookie_options = {
272 cookie_options = {
269 :value => token.value,
273 :value => token.value,
270 :expires => 1.year.from_now,
274 :expires => 1.year.from_now,
271 :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
275 :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
272 :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
276 :secure => secure,
273 :httponly => true
277 :httponly => true
274 }
278 }
275 cookies[autologin_cookie_name] = cookie_options
279 cookies[autologin_cookie_name] = cookie_options
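Review bot: The new fallback `secure = request.ssl?` in `set_autologin_cookie` only yields true when Rails itself sees the request as HTTPS. If TLS is terminated at a reverse proxy that does not forward the scheme (presumably via `X-Forwarded-Proto`), an unset `autologin_cookie_secure` would still issue the one-year autologin token without the Secure flag. I would document that above the fallback, e.g. `# nil = not configured: follow the scheme Rails sees; behind a TLS-terminating proxy set autologin_cookie_secure explicitly`, and repeat the caveat next to the setting in the example configuration. The configured value is now also passed to `:secure` as-is instead of being coerced with `? true : false`, so a short comment that it is expected to be a boolean or nil would help. The method body continues past the end of the hunk.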