Mercurial Mercurial > pub > hg > cubicweb / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
cubicweb/web/application.py
changeset 11913 4516c3956d46
parent 11872 a997e5451737
child 12043 b8d2e6b9f548 
--- a/cubicweb/web/application.py	Fri Jan 20 16:53:28 2017 +0100
+++ b/cubicweb/web/application.py	Mon Jan 23 11:02:21 2017 +0100
@@ -125,8 +125,6 @@
         """return a string giving the name of the cookie used to store the
         session identifier.
         """
-        if req.https:
-            return '__%s_https_session' % self.vreg.config.appid
         return '__%s_session' % self.vreg.config.appid
 
     def get_session(self, req):
@@ -158,7 +156,7 @@
     def open_session(self, req):
         session = self.session_manager.open_session(req)
         sessioncookie = self.session_cookie(req)
-        secure = req.https and req.base_url().startswith('https://')
+        secure = req.base_url().startswith('https://')
         req.set_cookie(sessioncookie, session.sessionid,
                        maxage=None, secure=secure, httponly=True)
         if not session.anonymous_session:
@@ -334,27 +332,20 @@
             content = self.redirect_handler(req, ex)
         # Wrong, absent or Reseted credential
         except AuthenticationError:
-            # If there is an https url configured and
-            # the request does not use https, redirect to login form
-            https_url = self.vreg.config['https-url']
-            if https_url and req.base_url() != https_url:
-                req.status_out = http_client.SEE_OTHER
-                req.headers_out.setHeader('location', https_url + 'login')
+            # We assume here that in http auth mode the user *May* provide
+            # Authentification Credential if asked kindly.
+            if self.vreg.config['auth-mode'] == 'http':
+                req.status_out = http_client.UNAUTHORIZED
+            # In the other case (coky auth) we assume that there is no way
+            # for the user to provide them...
+            # XXX But WHY ?
             else:
-                # We assume here that in http auth mode the user *May* provide
-                # Authentification Credential if asked kindly.
-                if self.vreg.config['auth-mode'] == 'http':
-                    req.status_out = http_client.UNAUTHORIZED
-                # In the other case (coky auth) we assume that there is no way
-                # for the user to provide them...
-                # XXX But WHY ?
-                else:
-                    req.status_out = http_client.FORBIDDEN
-                # If previous error handling already generated a custom content
-                # do not overwrite it. This is used by LogOut Except
-                # XXX ensure we don't actually serve content
-                if not content:
-                    content = self.need_login_content(req)
+                req.status_out = http_client.FORBIDDEN
+            # If previous error handling already generated a custom content
+            # do not overwrite it. This is used by LogOut Except
+            # XXX ensure we don't actually serve content
+            if not content:
+                content = self.need_login_content(req)
         assert isinstance(content, binary_type)
         return content
cubicweb