fix(core): add security flags to cookies (HttpOnly, secure)

Fixes #4525

UI/WebServerResources/SOGoRootPage.js

@@ -7,11 +7,6 @@ function initLogin() {
     date.setTime(date.getTime() - 86400000);
 
     var href = $("connectForm").action.split("/");
-    var appName = href[href.length-2];
-
-    document.cookie = ("0xHIGHFLYxSOGo=discarded"
-                       + "; expires=" + date.toGMTString()
-                       + "; path=/" + appName + "/");
 
     var about = $("about");
     if (about) {
@@ -118,9 +113,7 @@ function onLoginCallback(http) {
 
         if (http.status == 200) {
             // Make sure browser's cookies are enabled
-            var loginCookie = readLoginCookie();
-
-            if (!loginCookie) {
+            if (navigator && !navigator.cookieEnabled) {
                 SetLogMessage("errorMessage", _("cookiesNotEnabled"));
                 submitBtn.disabled = false;
                 return;

UI/WebServerResources/generic.js

@@ -2329,17 +2329,6 @@ function readCookie(name) {
     return foundCookie;
 }
 
-function readLoginCookie() {
-    var loginValues = null;
-    var cookie = readCookie("0xHIGHFLYxSOGo");
-    if (cookie && cookie.length > 8) {
-        var value = decodeURIComponent(cookie.substr(8));
-        loginValues = value.base64decode().split(":");
-    }
-
-    return loginValues;
-}
-
 /* logging widgets */
 function SetLogMessage(containerId, message, msgType) {
     var container = $(containerId);