authormanu@netbsd.org <manu@netbsd.org@a716ebb1-153a-0410-b759-cfb97c6a1b53>2009-03-02 13:56:35 +0000
committermanu@netbsd.org <manu@netbsd.org@a716ebb1-153a-0410-b759-cfb97c6a1b53>2009-03-02 13:56:35 +0000
commitd8890ecb44860a4a8a4057d262bdd1f3c790ee99 (patch)
tree932ab3121569bc155cd5312fcd7083ec79066dc4 /auth_mellon_cookie.c
parent7a1a61171ff594efd9da0884f483917f0e7750ea (diff)
Add a MellonSecureCookie setting to enforce Secure + HttpOnly flags for
session cookies. git-svn-id: https://modmellon.googlecode.com/svn/trunk@40 a716ebb1-153a-0410-b759-cfb97c6a1b53
Diffstat (limited to 'auth_mellon_cookie.c')
-rw-r--r--auth_mellon_cookie.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/auth_mellon_cookie.c b/auth_mellon_cookie.c
index 4995a06..b7453ad 100644
--- a/auth_mellon_cookie.c
+++ b/auth_mellon_cookie.c
@@ -140,13 +140,18 @@ void am_cookie_set(request_rec *r, const char *id)
{
const char *name;
char *cookie;
+ int secure_cookie;
if (id == NULL)
return;
+ secure_cookie = ((am_dir_cfg_rec *)am_get_dir_cfg(r))->secure;
name = am_cookie_name(r);
- cookie = apr_psprintf(r->pool, "%s=%s; Version=1; Path=/", name, id);
+ cookie = apr_psprintf(r->pool,
+ "%s=%s; Version=1; Path=/; Domain=%s%s;",
+ name, id, r->server->server_hostname,
+ secure_cookie ? "; HttpOnly; secure" : "");
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"cookie_set: %s", cookie);
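Review bot: HttpOnly is emitted only when `secure_cookie` is set, so with MellonSecureCookie off the session cookie remains readable from page script. HttpOnly does not depend on TLS and could be sent unconditionally, leaving only `secure` behind the setting, e.g. `"%s=%s; Version=1; Path=/; Domain=%s; HttpOnly%s"` with `secure_cookie ? "; secure" : ""` as the last argument. The new format string also adds `Domain=%s` from `r->server->server_hostname`, which the commit message does not mention. A cookie with an explicit Domain is generally also sent to subdomains of that host, unlike the previous host-only cookie, and a browser may reject it when the client reached the server under a name that differs from `server_hostname`. If the wider scope is intended it deserves a comment above the `apr_psprintf` call or its own setting; `am_cookie_set` continues past the end of this hunk.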