Switch to secure cookies (HTTPS only) #31

Merged
merged 1 commit into from
Aug 17, 2024


redrun45
Contributor

One more while we're at it! 🚀

@notartom
Member

According to [1], cookie_secure determines "whether to create the session cookie only on encrypted (HTTPS) connections." Since we have only HTTPS, with our HTTP site redirecting to HTTPS, this is kind of a noop? Doesn't harm things, though.

@notartom notartom merged commit 03c87dd into LibriVox:master Aug 17, 2024
1 check passed
@redrun45
Contributor Author

Not sure why it isn't mentioned, but cookie_secure also sets the Secure flag within the cookie, so that the browser won't send it back to the server over HTTP.
It really should be a no-op, but some browsers might drop their 301 redirect cache before the cookie expires. 🤷

In any event, thanks! I'll have a pair of patches headed your way soon-ish. 😉

@redrun45 redrun45 deleted the cookie-secure branch August 18, 2024 17:04
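
The behaviour discussed in this thread, as an added example that is not part of the pull request or the project's code: Python's standard `http.cookiejar` stands in for a browser cookie store and shows that a cookie set with `Secure` is withheld from a plain-HTTP request, such as the one a client sends before it receives the HTTP-to-HTTPS redirect. The host `example.org`, the cookie name `session` and its value are constructed placeholders.

```python
import email.message
import urllib.request
from http.cookiejar import CookieJar

SITE = "example.org"  # placeholder host (assumption), not the project's domain


class FakeResponse:
    """Minimal response object carrying one constructed Set-Cookie header."""

    def __init__(self, set_cookie):
        self._headers = email.message.Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_sent(set_cookie, scheme):
    """Store the cookie from an HTTPS login response, then return the Cookie
    header the client attaches to a follow-up request made over `scheme`
    (None means the cookie was withheld)."""
    jar = CookieJar()
    login = urllib.request.Request(f"https://{SITE}/login")
    jar.extract_cookies(FakeResponse(set_cookie), login)
    follow_up = urllib.request.Request(f"{scheme}://{SITE}/")
    jar.add_cookie_header(follow_up)
    return follow_up.get_header("Cookie")


def exposure_report():
    """Compare the same session cookie without and with the Secure attribute."""
    headers = {
        "secure off": "session=abc123; Path=/; HttpOnly",          # constructed
        "secure on": "session=abc123; Path=/; HttpOnly; Secure",   # constructed
    }
    return {
        label: {scheme: cookie_sent(header, scheme) for scheme in ("http", "https")}
        for label, header in headers.items()
    }


if __name__ == "__main__":
    for label, result in exposure_report().items():
        print(label, result)
```

Without `Secure`, the session value goes out in cleartext on the first `http://` request even though the server would answer with a redirect; with `Secure`, only the HTTPS request carries it.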