Set autologin cookie as secure by default when using https (#20935).

git-svn-id: http://svn.redmine.org/redmine/trunk@14648 e93f8b46-1217-0410-a6f0-8f06a7374b81
2025-11-02 03:15:57 +01:00 · 2015-10-07 19:43:12 +00:00
parent b0be968d36
commit 8369b6b133
1 changed files with 5 additions and 1 deletions
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -265,11 +265,15 @@ class AccountController < ApplicationController

  def set_autologin_cookie(user)
    token = Token.create(:user => user, :action => 'autologin')
+    secure = Redmine::Configuration['autologin_cookie_secure']
+    if secure.nil?
+      secure = request.ssl?
+    end
    cookie_options = {
      :value => token.value,
      :expires => 1.year.from_now,
      :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
-      :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
+      :secure => secure,
      :httponly => true
    }
    cookies[autologin_cookie_name] = cookie_options