Set the httponly flag on the autologin cookie.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4757 e93f8b46-1217-0410-a6f0-8f06a7374b81

Set the httponly flag on the autologin cookie.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4757 e93f8b46-1217-0410-a6f0-8f06a7374b81
ef32606c · Jean-Philippe Lang · Eric Davis · 4adf3abf · ef32606c
Commit ef32606c authored Jan 23, 2011 by Jean-Philippe Lang Committed by Eric Davis Feb 10, 2011
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

account_controller.rb app/controllers/account_controller.rb +2 -1

No files found.
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -216,7 +216,8 @@ class AccountController < ApplicationController
      :value => token.value,
      :expires => 1.year.from_now,
      :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
-      :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false)
+      :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
+      :httponly => true
    }
    cookies[cookie_name] = cookie_options
  end