From: Sven Schöling Date: Wed, 29 Jul 2009 12:56:49 +0000 (+0200) Subject: Secure Cookies. X-Git-Tag: release-2.6.1beta1~338 X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=a50a0e0b31e566d6902881c15c899800d04ec04e;p=kivitendo-erp.git Secure Cookies. Sobald der Loginrequest mit HTTPS gesendet wird, wird das Cookie nun auf Secure gesetzt, und sollte nur noch bei sicheren Verbindungen mitgesendet werden.
---
diff --git a/SL/Form.pm b/SL/Form.pm
index 74de73833..4febdc72a 100644
--- a/SL/Form.pm
+++ b/SL/Form.pm
@@ -607,9 +607,10 @@ sub create_http_response {
 my $session_cookie_value = $main::auth->get_session_id();
 $session_cookie_value ||= 'NO_SESSION';
- $session_cookie = $cgi->cookie('-name' => $main::auth->get_session_cookie_name(),
- '-value' => $session_cookie_value,
- '-path' => $base_path);
+ $session_cookie = $cgi->cookie('-name' => $main::auth->get_session_cookie_name(),
+ '-value' => $session_cookie_value,
+ '-path' => $base_path,
+ '-secure' => $ENV{HTTPS});
 }
 my %cgi_params = ('-type' => $params{content_type});
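Review bot: The added `'-secure' => $ENV{HTTPS}` line passes the raw environment value as a boolean, so the flag follows however the web server populates that variable rather than whether the client connection was actually encrypted. A server that sets `HTTPS=off` on plain-HTTP requests yields a true string and a Secure cookie the browser never sends back, while a backend behind a TLS-terminating proxy typically sees no `HTTPS` variable and the session cookie goes out without the flag. Normalising the value, e.g. `'-secure' => (lc($ENV{HTTPS} || '') eq 'on' ? 1 : 0),`, together with a configuration switch that forces Secure for proxied deployments, would make the behaviour explicit. The same call could also pass `'-httponly' => 1` (where the installed CGI.pm supports it) so the session id is not readable from script. create_http_response starts and ends outside the hunk.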