Bug 514913: Eliminate ssl="authenticated sessions"

Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat
author: mkanat%bugzilla.org <> 2009-10-09 06:31:08 +0200
committer: mkanat%bugzilla.org <> 2009-10-09 06:31:08 +0200
commit: 8ecb3ad6ecc8d636fb205895d736108cbc8083a1 (patch)
tree: 69b5da83e47b1fc8481227f2ec46aba1261e84ad /Bugzilla/Auth/Persist/Cookie.pm
parent: 4671e0ffd9920d000fb6191999288ed12d4dac52 (diff)
download: bugzilla-8ecb3ad6ecc8d636fb205895d736108cbc8083a1.tar.gz
bugzilla-8ecb3ad6ecc8d636fb205895d736108cbc8083a1.tar.xz
1 files changed, 3 insertions, 5 deletions
diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm
index c533252d3..60f90925e 100644
--- a/Bugzilla/Auth/Persist/Cookie.pm
+++ b/Bugzilla/Auth/Persist/Cookie.pm
@@ -89,11 +89,9 @@ sub persist_login {
         # Not a session cookie, so set an infinite expiry
         $cookieargs{'-expires'} = 'Fri, 01-Jan-2038 00:00:00 GMT';
     }
-    if (Bugzilla->params->{'ssl'} ne 'never'
-        && Bugzilla->params->{'sslbase'} ne '')
-    {
-        # Bugzilla->login will automatically redirect to https://,
-        # so it's safe to turn on the 'secure' bit.
+    if (Bugzilla->params->{'ssl_redirect'}) {
+        # Make these cookies only be sent to us by the browser during 
+        # HTTPS sessions, if we're using SSL.
         $cookieargs{'-secure'} = 1;
     }
author	mkanat%bugzilla.org <>	2009-10-09 06:31:08 +0200
committer	mkanat%bugzilla.org <>	2009-10-09 06:31:08 +0200
commit	8ecb3ad6ecc8d636fb205895d736108cbc8083a1 (patch)
tree	69b5da83e47b1fc8481227f2ec46aba1261e84ad /Bugzilla/Auth/Persist/Cookie.pm
parent	4671e0ffd9920d000fb6191999288ed12d4dac52 (diff)
download	bugzilla-8ecb3ad6ecc8d636fb205895d736108cbc8083a1.tar.gz bugzilla-8ecb3ad6ecc8d636fb205895d736108cbc8083a1.tar.xz