# HG changeset patch
# User Sylvain Thénault <sylvain.thenault@logilab.fr>
# Date 1287642218 -7200
# Node ID 7e9a1a5919e80b40353569afee9c5f2a569c50d4
# Parent  806b53dc54742b12e866b9168b09adc20b4d9ace
#1346310: Add `Secure` attribute to cookie when navigating on https

diff -r 806b53dc5474 -r 7e9a1a5919e8 web/application.py
--- a/web/application.py	Wed Oct 20 17:37:00 2010 +0200
+++ b/web/application.py	Thu Oct 21 08:23:38 2010 +0200
@@ -216,6 +216,8 @@
         session = self.session_manager.open_session(req)
         cookie = req.get_cookie()
         cookie[self.SESSION_VAR] = session.sessionid
+        if req.https:
+            cookie[self.SESSION_VAR]['secure'] = True
         req.set_cookie(cookie, self.SESSION_VAR, maxage=None)
         if not session.anonymous_session:
             self._postlogin(req)