F #3738: Secure cookie flag if scheme is https (#3738)

Signed-off-by: xBytez <git@xbytez.io>
2025-03-27 10:50:10 +03:00 · 2019-10-10 17:09:40 +02:00 · 2019-10-10 17:09:40 +02:00 · df599d19c3
commit df599d19c3
parent 2fade66f92
1 changed files with 11 additions and 0 deletions
--- a/src/sunstone/sunstone-server.rb
+++ b/src/sunstone/sunstone-server.rb
@ -411,6 +411,12 @@ helpers do

        # end user options

+        # secure cookies
+        if request.scheme == 'https'
+            env['rack.session.options'][:secure] = true
+        end
+        # end secure cookies
+
        if params[:remember] == 'true'
            env['rack.session.options'][:expire_after] = 30*60*60*24-1
        end
@ -522,6 +528,11 @@ end

 after do
    unless request.path=='/login' || request.path=='/' || request.path=='/'
+        # secure cookies
+        if request.scheme == 'https'
+            env['rack.session.options'][:secure] = true
+        end
+        # end secure cookies
        unless session[:remember] == "true"
            if params[:timeout] == "true"
                env['rack.session.options'][:defer] = true