You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by wi...@apache.org on 2015/03/04 11:06:18 UTC
[34/50] [abbrv] git commit: updated refs/heads/reporter to 178a938
server: check and set sercure cookie flag only after login
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit 0f819f1583116d93ca3ebf460b69cd74144a25b2)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/ed099c3f
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/ed099c3f
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/ed099c3f
Branch: refs/heads/reporter
Commit: ed099c3f964e4b18a3c431b59cdb63533ec91d81
Parents: 20bcb4b
Author: Rohit Yadav <ro...@shapeblue.com>
Authored: Sat Feb 28 18:20:56 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Sat Feb 28 18:23:05 2015 +0530
----------------------------------------------------------------------
server/src/com/cloud/api/ApiServlet.java | 8 ++++++++
1 file changed, 8 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ed099c3f/server/src/com/cloud/api/ApiServlet.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiServlet.java b/server/src/com/cloud/api/ApiServlet.java
index 5628d98..1fd16ba 100644
--- a/server/src/com/cloud/api/ApiServlet.java
+++ b/server/src/com/cloud/api/ApiServlet.java
@@ -194,6 +194,14 @@ public class ApiServlet extends HttpServlet {
}
}
session = req.getSession(true);
+ if (ApiServer.isSecureSessionCookieEnabled()) {
+ resp.setHeader("SET-COOKIE", "JSESSIONID=" + session.getId() + ";Secure;Path=/client");
+ if (s_logger.isDebugEnabled()) {
+ if (s_logger.isDebugEnabled()) {
+ s_logger.debug("Session cookie is marked secure!");
+ }
+ }
+ }
}
try {