429495 – Add cookie_secure param to enforce sending cookies over secure connection

Bug 429495 - Add cookie_secure param to enforce sending cookies over secure connection

Summary: Add cookie_secure param to enforce sending cookies over secure connection

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Bugzilla
Classification:	Community
Component:	Bugzilla General
Sub Component:
Version:	3.2
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	PnT DevOps Devs
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	RHBZ30UpgradeTracker 406231
TreeView+	depends on / blocked

Reported:	2008-01-21 05:29 UTC by David Lawrence
Modified:	2013-06-24 02:20 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2008-02-21 22:23:32 UTC
Embargoed:

Attachments	(Terms of Use)
Patch to add cookie_secure param to auth code (3.37 KB, patch) 2008-01-21 05:29 UTC, David Lawrence	no flags	Details \| Diff
View All

Description David Lawrence 2008-01-21 05:29:57 UTC

Add new param called cookie_secure to Auth code to enforce cookies only being
sent over secure (SSL) connection.

template/en/default/admin/params/auth.html.tmpl
Bugzilla/Config/Auth.pm
Bugzilla/Auth/Persist/Cookie.pm

Comment 1 David Lawrence 2008-01-21 05:29:57 UTC

Created attachment 292326 [details]
Patch to add cookie_secure param to auth code

Comment 2 David Lawrence 2008-01-21 05:43:11 UTC

https://bugzilla.mozilla.org/show_bug.cgi?id=381569

Comment 3 David Lawrence 2008-01-22 05:05:53 UTC

Worked 2 hours on this patch.

Comment 4 David Lawrence 2008-02-21 22:23:32 UTC

Instead of adding a new cookie_secure param, we went the route of enforcing
secure cookie whenever the 'ssl' param is set to either 'authenticated sessions'
or 'always' so this can be closed.

Note You need to log in before you can comment on or make changes to this bug.