Forum OpenACS Improvement Proposals (TIPs): Re: TIP#122 Made as_session_id_sec secure cookie

Collapse
7: Re: TIP#122 Made as_session_id_sec secure cookie (response to 1)
Posted by Dave Bauer on 08/29/08 04:03 PM
I found a bug in that the ad_session_id cookie is still sent for secure connections.

The change is to set the secure cookie on all connectons, and only read the secure cookie on secure connections, I am testing this implementation now.

Collapse
8: Re: TIP#122 Made as_session_id_sec secure cookie (response to 7)
Posted by Dave Bauer on 10/19/09 10:25 PM
Looks like this never got completed! I am looking into making sure this works.