Add security flags to cookies (HttpOnly, secure)

Fixes #4525
Francis Lachapelle
2018-08-21 14:01:11 -04:00
parent 69c03e7479
commit 828d773b49
3 changed files with 12 additions and 21 deletions
+8 -1
@@ -383,6 +383,7 @@
{
WOCookie *authCookie;
NSString *cookieValue, *cookieString, *appName, *sessionKey, *userKey, *securedPassword;
BOOL isSecure;
//
// We create a new cookie - thus we create a new session
@@ -409,8 +410,14 @@
userKey, sessionKey];
cookieValue = [NSString stringWithFormat: @"basic %@",
[cookieString stringByEncodingBase64]];
isSecure = [[[context serverURL] scheme] isEqualToString: @"https"];
authCookie = [WOCookie cookieWithName: [self cookieNameInContext: context]
value: cookieValue];
value: cookieValue
path: nil
domain: nil
expires: nil
isSecure: isSecure
httpOnly: YES];
appName = [[context request] applicationName];
[authCookie setPath: [NSString stringWithFormat: @"/%@/", appName]];
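Review bot: The `isSecure` value assigned in the second hunk depends only on the scheme of `[context serverURL]`. Where TLS ends at a reverse proxy that does not pass the original scheme through, the comparison will presumably be false and the authentication cookie goes out without the Secure attribute, with nothing logged to show it. I would document that dependency beside the assignment, e.g. `// Secure is set only when serverURL reports https; a TLS-terminating proxy must forward the original scheme`. Since URL schemes are case-insensitive, the comparison is also safer as `isSecure = [[[[context serverURL] scheme] lowercaseString] isEqualToString: @"https"];`. The enclosing method begins and ends outside the hunks shown, so whether a fallback or configuration override exists elsewhere cannot be seen from here.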