server: check and set sercure cookie flag only after login

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com> (cherry picked from commit 0f819f1583) Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2015-02-28 18:20:56 +05:30 · 2015-02-28 18:20:56 +05:30 · ed099c3f96
parent 20bcb4b673
commit ed099c3f96
1 changed files with 8 additions and 0 deletions
--- a/server/src/com/cloud/api/ApiServlet.java
+++ b/server/src/com/cloud/api/ApiServlet.java
@ -194,6 +194,14 @@ public class ApiServlet extends HttpServlet {
                            }
                        }
                        session = req.getSession(true);
+                        if (ApiServer.isSecureSessionCookieEnabled()) {
+                            resp.setHeader("SET-COOKIE", "JSESSIONID=" + session.getId() + ";Secure;Path=/client");
+                            if (s_logger.isDebugEnabled()) {
+                                if (s_logger.isDebugEnabled()) {
+                                    s_logger.debug("Session cookie is marked secure!");
+                                }
+                            }
+                        }
                    }

                    try {