Bug 429495 - Add cookie_secure param to enforce sending cookies over secure connection
Summary: Add cookie_secure param to enforce sending cookies over secure connection
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Bugzilla
Classification: Community
Component: Bugzilla General
Version: 3.2
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: PnT DevOps Devs
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: RHBZ30UpgradeTracker 406231
TreeView+ depends on / blocked
 
Reported: 2008-01-21 05:29 UTC by David Lawrence
Modified: 2013-06-24 02:20 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2008-02-21 22:23:32 UTC
Embargoed:


Attachments (Terms of Use)
Patch to add cookie_secure param to auth code (3.37 KB, patch)
2008-01-21 05:29 UTC, David Lawrence
no flags Details | Diff

Description David Lawrence 2008-01-21 05:29:57 UTC
Add new param called cookie_secure to Auth code to enforce cookies only being
sent over secure (SSL) connection.

template/en/default/admin/params/auth.html.tmpl
Bugzilla/Config/Auth.pm
Bugzilla/Auth/Persist/Cookie.pm

Comment 1 David Lawrence 2008-01-21 05:29:57 UTC
Created attachment 292326 [details]
Patch to add cookie_secure param to auth code

Comment 2 David Lawrence 2008-01-21 05:43:11 UTC
https://bugzilla.mozilla.org/show_bug.cgi?id=381569

Comment 3 David Lawrence 2008-01-22 05:05:53 UTC
Worked 2 hours on this patch.

Comment 4 David Lawrence 2008-02-21 22:23:32 UTC
Instead of adding a new cookie_secure param, we went the route of enforcing
secure cookie whenever the 'ssl' param is set to either 'authenticated sessions'
or 'always' so this can be closed.


Note You need to log in before you can comment on or make changes to this bug.