Bug 429495

Summary: Add cookie_secure param to enforce sending cookies over secure connection
Product: [Community] Bugzilla Reporter: David Lawrence <dkl>
Component: Bugzilla GeneralAssignee: PnT DevOps Devs <hss-ied-bugs>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: 3.2   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-02-21 22:23:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 406071, 406231    
Attachments:
Description Flags
Patch to add cookie_secure param to auth code none

Description David Lawrence 2008-01-21 05:29:57 UTC 
Add new param called cookie_secure to Auth code to enforce cookies only being
sent over secure (SSL) connection.

template/en/default/admin/params/auth.html.tmpl
Bugzilla/Config/Auth.pm
Bugzilla/Auth/Persist/Cookie.pm
Comment 1 David Lawrence 2008-01-21 05:29:57 UTC 
Created attachment 292326 [details]
Patch to add cookie_secure param to auth code
Comment 2 David Lawrence 2008-01-21 05:43:11 UTC 
https://bugzilla.mozilla.org/show_bug.cgi?id=381569
Comment 3 David Lawrence 2008-01-22 05:05:53 UTC 
Worked 2 hours on this patch.
Comment 4 David Lawrence 2008-02-21 22:23:32 UTC 
Instead of adding a new cookie_secure param, we went the route of enforcing
secure cookie whenever the 'ssl' param is set to either 'authenticated sessions'
or 'always' so this can be closed.