[pve-devel] r5748 - in pve-manager/pve2: . lib/PVE

[svn-commits at proxmox.com]

Author: dietmar
Date: 2011-03-23 10:43:36 +0100 (Wed, 23 Mar 2011)
New Revision: 5748

Modified:
   pve-manager/pve2/ChangeLog
   pve-manager/pve2/lib/PVE/REST.pm
Log:
	* lib/PVE/REST.pm (cookie_string): set 'secure' for auth cookie
	(never send over unencrypted channels).



Modified: pve-manager/pve2/ChangeLog
===================================================================
--- pve-manager/pve2/ChangeLog	2011-03-23 08:50:32 UTC (rev 5747)
+++ pve-manager/pve2/ChangeLog	2011-03-23 09:43:36 UTC (rev 5748)
@@ -1,3 +1,8 @@
+2011-03-23  Proxmox Support Team  <support at proxmox.com>
+
+	* lib/PVE/REST.pm (cookie_string): set 'secure' for auth cookie
+	(never send over unencrypted channels).
+
 2011-02-23  Proxmox Support Team  <support at proxmox.com>
 
 	* lib/PVE/REST.pm (rest_handler): use standard framework to create

Modified: pve-manager/pve2/lib/PVE/REST.pm
===================================================================
--- pve-manager/pve2/lib/PVE/REST.pm	2011-03-23 08:50:32 UTC (rev 5747)
+++ pve-manager/pve2/lib/PVE/REST.pm	2011-03-23 09:43:36 UTC (rev 5748)
@@ -30,7 +30,7 @@
 sub cookie_string {
     my ($key, $value) = @_;
 
-    my $cookie = "$key=$value; path=/";
+    my $cookie = "$key=$value; path=/; secure;";
 
     return $cookie;
 }