[Rt-devel] rt3: secure cookie patch [3.2.2]
Pavel Ruzicka
pavel.ruzicka at i.cz
Fri Jun 24 08:22:13 EDT 2005
Hi, this patch adds ability to use Secure Cookie for https only
installations, depended on variable in RT_SiteConfig.pm (default value
in RT_Config.pm should be 0). Is there any reason why this is not
already in RT3 ? I did few tests and didnt find any issue related to
this adjustment.
patch against RT3.2.2 installation:
--- share/html/Elements/SetupSessionCookie Thu Jul 29 02:08:11 2004
+++ local/html/Elements/SetupSessionCookie Fri Jun 24 13:49:55 2005
@@ -94,7 +94,8 @@
my $cookie = new CGI::Cookie(
-name => $cookiename,
-value => $session{_session_id},
- -path => '/',
+ -path => $RT::WebPath,
+ -secure => $RT::UseSecureCookie
);
$r->headers_out->{'Set-Cookie'} = $cookie->as_string;
and define in RT_SiteConfig.pm:
# if you have https instalation only set to 1, otherwise 0
Set($UseSecureCookie, '1');
--
Pavel Ruzicka, ICZ
More information about the Rt-devel
mailing list