From a50a0e0b31e566d6902881c15c899800d04ec04e Mon Sep 17 00:00:00 2001 From: =?utf8?q?Sven=20Sch=C3=B6ling?= Date: Wed, 29 Jul 2009 14:56:49 +0200 Subject: [PATCH] Secure Cookies. Sobald der Loginrequest mit HTTPS gesendet wird, wird das Cookie nun auf Secure gesetzt, und sollte nur noch bei sicheren Verbindungen mitgesendet werden. --- SL/Form.pm | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/SL/Form.pm b/SL/Form.pm index 74de73833..4febdc72a 100644 --- a/SL/Form.pm +++ b/SL/Form.pm @@ -607,9 +607,10 @@ sub create_http_response { my $session_cookie_value = $main::auth->get_session_id(); $session_cookie_value ||= 'NO_SESSION'; - $session_cookie = $cgi->cookie('-name' => $main::auth->get_session_cookie_name(), - '-value' => $session_cookie_value, - '-path' => $base_path); + $session_cookie = $cgi->cookie('-name' => $main::auth->get_session_cookie_name(), + '-value' => $session_cookie_value, + '-path' => $base_path, + '-secure' => $ENV{HTTPS}); } my %cgi_params = ('-type' => $params{content_type}); -- 2.20.1