From 0f819f1583116d93ca3ebf460b69cd74144a25b2 Mon Sep 17 00:00:00 2001
From: Rohit Yadav
Date: Sat, 28 Feb 2015 18:20:56 +0530
Subject: [PATCH] server: check and set sercure cookie flag only after login

Signed-off-by: Rohit Yadav
---
 server/src/com/cloud/api/ApiServlet.java | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/server/src/com/cloud/api/ApiServlet.java b/server/src/com/cloud/api/ApiServlet.java
index edfc2465cc2..7dada94312c 100644
--- a/server/src/com/cloud/api/ApiServlet.java
+++ b/server/src/com/cloud/api/ApiServlet.java
@@ -154,14 +154,6 @@ public class ApiServlet extends HttpServlet {
 }
 HttpSession session = req.getSession(false);
- if (ApiServer.isSecureSessionCookieEnabled()) {
- resp.setHeader("SET-COOKIE", "JSESSIONID=" + session.getId() + ";Secure;Path=/client");
- if (s_logger.isDebugEnabled()) {
- if (s_logger.isDebugEnabled()) {
- s_logger.debug("Session cookie is marked secure!");
- }
- }
- }
 final Object[] responseTypeParam = params.get(ApiConstants.RESPONSE);
 if (responseTypeParam != null) {
 responseType = (String)responseTypeParam[0];
@@ -187,6 +179,14 @@ public class ApiServlet extends HttpServlet {
 }
 }
 session = req.getSession(true);
+ if (ApiServer.isSecureSessionCookieEnabled()) {
+ resp.setHeader("SET-COOKIE", "JSESSIONID=" + session.getId() + ";Secure;Path=/client");
+ if (s_logger.isDebugEnabled()) {
+ if (s_logger.isDebugEnabled()) {
+ s_logger.debug("Session cookie is marked secure!");
+ }
+ }
+ }
 }
 try {
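Review bot: The hand-built cookie in the added `resp.setHeader("SET-COOKIE", ...)` line carries `Secure` but not `HttpOnly`, and because `setHeader` replaces every Set-Cookie value already on the response, it also discards whatever attributes the container put on its own JSESSIONID cookie and any other cookie set earlier in the login path (not visible in this hunk). I would write the value as `"JSESSIONID=" + session.getId() + ";Secure;HttpOnly;Path=/client"`, or better, have the container mark the session cookie secure so the servlet does not have to rebuild it. The nested `if (s_logger.isDebugEnabled())` is duplicated and one level can go. The enclosing method starts and ends outside the hunk, so whether the previous session is invalidated before `req.getSession(true)` cannot be confirmed from here.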