server: check and set sercure cookie flag only after login

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2015-02-28 18:20:56 +05:30 · 2015-02-28 18:20:56 +05:30 · 0f819f1583
parent b6b3494782
commit 0f819f1583
1 changed files with 8 additions and 8 deletions
--- a/server/src/com/cloud/api/ApiServlet.java
+++ b/server/src/com/cloud/api/ApiServlet.java
@ -154,14 +154,6 @@ public class ApiServlet extends HttpServlet {
            }

            HttpSession session = req.getSession(false);
-            if (ApiServer.isSecureSessionCookieEnabled()) {
-                resp.setHeader("SET-COOKIE", "JSESSIONID=" + session.getId() + ";Secure;Path=/client");
-                if (s_logger.isDebugEnabled()) {
-                    if (s_logger.isDebugEnabled()) {
-                        s_logger.debug("Session cookie is marked secure!");
-                    }
-                }
-            }
            final Object[] responseTypeParam = params.get(ApiConstants.RESPONSE);
            if (responseTypeParam != null) {
                responseType = (String)responseTypeParam[0];
@ -187,6 +179,14 @@ public class ApiServlet extends HttpServlet {
                            }
                        }
                        session = req.getSession(true);
+                        if (ApiServer.isSecureSessionCookieEnabled()) {
+                            resp.setHeader("SET-COOKIE", "JSESSIONID=" + session.getId() + ";Secure;Path=/client");
+                            if (s_logger.isDebugEnabled()) {
+                                if (s_logger.isDebugEnabled()) {
+                                    s_logger.debug("Session cookie is marked secure!");
+                                }
+                            }
+                        }
                    }

                    try {