diff MoinMoin/session.py @ 4084:be4cefe2a219

secure session cookies for https, cfg.cookie_secure
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Fri, 12 Sep 2008 22:01:46 +0200
parents 68da15c7eeec
children afd75bb5f345
--- a/MoinMoin/session.py	Tue Sep 09 00:11:28 2008 +0200
+++ b/MoinMoin/session.py	Fri Sep 12 22:01:46 2008 +0200
@@ -318,6 +318,10 @@
             cookie[cookie_name]['path'] = path
         # Set expires for older clients
         cookie[cookie_name]['expires'] = request.httpDate(when=expires, rfc='850')
+        # a secure cookie is not transmitted over unsecure connections:
+        if (cfg.cookie_secure or  # True means: force secure cookies
+            cfg.cookie_secure is None and request.is_ssl):  # None means: https -> secure cookie
+            cookie[cookie_name]['secure'] = True
         return cookie.output()
 
     def _set_cookie(self, request, cookie_string, expires):
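Review bot: The added `cfg.cookie_secure is None and request.is_ssl` test lets `request.is_ssl` alone decide whether the session cookie gets the Secure attribute, and the comments never say what `False` does (as written, it means the attribute is never set). How `request.is_ssl` is derived is not visible in this hunk; if it only reflects the connection the application server itself sees, a wiki behind a TLS-terminating front end would presumably issue the session cookie without Secure unless the operator sets `cfg.cookie_secure = True`. I would spell out all three states in the comment, e.g. `# cookie_secure: True = always Secure, False = never, None = Secure only when request.is_ssl (set True behind a TLS-terminating proxy)`. Wrapping the `and` term in its own parentheses would also make the intended precedence explicit. The enclosing method starts above the hunk, so how `cfg` is bound there is not visible here.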