From a50a0e0b31e566d6902881c15c899800d04ec04e Mon Sep 17 00:00:00 2001
From: =?utf8?q?Sven=20Sch=C3=B6ling?= <s.schoeling@linet-services.de>
Date: Wed, 29 Jul 2009 14:56:49 +0200
Subject: [PATCH] Secure Cookies.

Sobald der Loginrequest mit HTTPS gesendet wird, wird das Cookie nun auf
Secure gesetzt, und sollte nur noch bei sicheren Verbindungen
mitgesendet werden.
---
 SL/Form.pm | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/SL/Form.pm b/SL/Form.pm
index 74de73833..4febdc72a 100644
--- a/SL/Form.pm
+++ b/SL/Form.pm
@@ -607,9 +607,10 @@ sub create_http_response {
     my $session_cookie_value   = $main::auth->get_session_id();
     $session_cookie_value    ||= 'NO_SESSION';
 
-    $session_cookie = $cgi->cookie('-name'  => $main::auth->get_session_cookie_name(),
-                                   '-value' => $session_cookie_value,
-                                   '-path'  => $base_path);
+    $session_cookie = $cgi->cookie('-name'   => $main::auth->get_session_cookie_name(),
+                                   '-value'  => $session_cookie_value,
+                                   '-path'   => $base_path,
+                                   '-secure' => $ENV{HTTPS});
   }
 
   my %cgi_params = ('-type' => $params{content_type});
-- 
2.20.1