DWRSESSIONID secure flag

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

DWRSESSIONID secure flag

daniel.silva
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

Re: DWRSESSIONID secure flag

david@butterdev.com
The cookie is being set on the request in engine.js.  It seems we
should/could add a flag here to pass the secure flag if the current
protocol is https and if a configuration flag is enabled? Mike do you
have any thoughts on this?

On 2014-12-15 09:14, [hidden email] wrote:

> Version: 3RC2
>
> Hello guys,
>
> We have a request from a client to have the option of adding the secure
> flag to all cookies. We are adding the HTTP Header SET-COOKIE to
> response for every cookie and adding the "; secure" at the end. It
> works for every cookie except for the DWRSESSIONID.
> I would like to know if there is something missing here.
>
> Thanks!
>
> Daniel
Reply | Threaded
Open this post in threaded view
|

Re: DWRSESSIONID secure flag

daniel.silva
In reply to this post by daniel.silva
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

Re: DWRSESSIONID secure flag

Mike Wilson
Administrator
In reply to this post by david@butterdev.com
I don't see any problem with that as long as we only do it when an
option is set, as not to destroy http behaviour.
I have another cookie-related option to add so I can look into
doing this as well.

Best regards
Mike

david wrote:

> The cookie is being set on the request in engine.js.  It seems we
> should/could add a flag here to pass the secure flag if the current
> protocol is https and if a configuration flag is enabled? Mike do you
> have any thoughts on this?
>
> On 2014-12-15 09:14, [hidden email] wrote:
> > Version: 3RC2
> >
> > Hello guys,
> >
> > We have a request from a client to have the option of
> adding the secure
> > flag to all cookies. We are adding the HTTP Header SET-COOKIE to
> > response for every cookie and adding the "; secure" at the end. It
> > works for every cookie except for the DWRSESSIONID.
> > I would like to know if there is something missing here.
> >
> > Thanks!
> >
> > Daniel