[Rt-commit] r5888 - in rt/branches/3.6-RELEASE: . html/Elements
jesse at bestpractical.com
Fri Sep 8 16:51:01 EDT 2006
Author: jesse
Date: Fri Sep 8 16:51:01 2006
New Revision: 5888
Modified:
rt/branches/3.6-RELEASE/ (props changed)
rt/branches/3.6-RELEASE/etc/RT_Config.pm.in
rt/branches/3.6-RELEASE/html/Elements/SetupSessionCookie
Log:
r27291 at pinglin: jesse | 2006-09-08 14:19:50 -0400
* Support for marking RT's HTTP cookie as "secure." Patch from Pavel Ruzicka.
Modified: rt/branches/3.6-RELEASE/etc/RT_Config.pm.in
==============================================================================
--- rt/branches/3.6-RELEASE/etc/RT_Config.pm.in (original)
+++ rt/branches/3.6-RELEASE/etc/RT_Config.pm.in Fri Sep 8 16:51:01 2006
@@ -418,12 +418,23 @@
# Set($WebSessionClass , 'Apache::Session::File');
+
+# By default, RT's session cookie isn't marked as "secure" Some web browsers
+# will treat secure cookies more carefully than non-secure ones, being careful
+# not to write them to disk, only send them over an SSL secured connection
+# and so on. To enable this behaviour, set # $WebSecureCookies to a true value.
+# NOTE: You probably don't want to turn this on _unless_ users are only connecting
+# via SSL encrypted HTTP connections.
+
+Set($WebSecureCookies, 0);
+
+
# By default, RT clears its database cache after every page view.
# This ensures that you've always got the most current information
# when working in a multi-process (mod_perl or FastCGI) Environment
# Setting $WebFlushDbCacheEveryRequest to '0' will turn this off,
# which will speed RT up a bit, at the expense of a tiny bit of data
-# accuracy
+# accuracy.
Set($WebFlushDbCacheEveryRequest, '1');
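Review bot: The new comment block above `Set($WebSecureCookies, 0);` has two typos that make the instruction hard to read: there is no full stop after `"secure"`, and a stray `#` sits mid-sentence in `set # $WebSecureCookies to a true value`. The NOTE would also be more useful if it said why: since a secure cookie is only sent over an SSL connection, anyone reaching RT over plain HTTP never sends the session cookie back once this is on, so they cannot stay logged in. With the default left at 0, sites served only over SSL still need to set this explicitly; the comment should say so directly, rather than only warning against turning it on.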
Modified: rt/branches/3.6-RELEASE/html/Elements/SetupSessionCookie
==============================================================================
--- rt/branches/3.6-RELEASE/html/Elements/SetupSessionCookie (original)
+++ rt/branches/3.6-RELEASE/html/Elements/SetupSessionCookie Fri Sep 8 16:51:01 2006
@@ -110,7 +110,8 @@
my $cookie = new CGI::Cookie(
-name => $cookiename,
-value => $session{_session_id},
- -path => '/',
+ -path => $RT::WebPath,
+ -secure => ($RT::WebSecureCookies ? 1 :0)
);
$r->headers_out->{'Set-Cookie'} = $cookie->as_string;
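Review bot: The `-path` change from `'/'` to `$RT::WebPath` is a second behaviour change that neither the log message nor the new config comment mentions, and the hunk does not show what happens when `$RT::WebPath` is empty (RT served from the web root). Please confirm the cookie still gets a usable path in that case, or fall back explicitly with something like `-path => ($RT::WebPath || '/')`, and mention the path scoping in the log. Browsers that already hold a session cookie scoped to `/` will keep it alongside the new one until it expires, which is worth checking on upgrade. Style: `1 :0` is missing a space, and a trailing comma after the `-secure` line would match the lines above it.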