Hi, this patch adds ability to use Secure Cookie for https only
installations, depended on variable in RT_SiteConfig.pm (default value
in RT_Config.pm should be 0). Is there any reason why this is not
already in RT3 ? I did few tests and didnt find any issue related to
this adjustment.
patch against RT3.2.2 installation:
— share/html/Elements/SetupSessionCookie Thu Jul 29 02:08:11 2004
+++ local/html/Elements/SetupSessionCookie Fri Jun 24 13:49:55 2005
@@ -94,7 +94,8 @@
my $cookie = new CGI::Cookie(
-name => $cookiename,
-value => $session{_session_id},
-
-path => '/',
-
-path => $RT::WebPath,
-
-secure => $RT::UseSecureCookie ); $r->headers_out->{'Set-Cookie'} = $cookie->as_string;
and define in RT_SiteConfig.pm:
if you have https instalation only set to 1, otherwise 0
Set($UseSecureCookie, ‘1’);
Pavel Ruzicka, ICZ