kolan
/
obsolete.ChilliProject
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Set the httponly flag on the autologin cookie. 

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4757 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2011-01-23 11:40:07 +00:00 committed by Eric Davis
parent 4adf3abf83
commit ef32606c43
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/controllers/account_controller.rb
View File

@ -216,7 +216,8 @@ class AccountController < ApplicationController
:value => token.value, :value => token.value,
:expires => 1.year.from_now, :expires => 1.year.from_now,
:path => (Redmine::Configuration['autologin_cookie_path'] || '/'), :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
:secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false) :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
:httponly => true
} }
cookies[cookie_name] = cookie_options cookies[cookie_name] = cookie_options
end end