SAML2: add cookie with HttpOnly too apache#10013 (apache#10047)
weizhouapache authored Dec 9, 2024
1 parent 4876761 commit f9b1767
Showing 1 changed file with 1 addition and 0 deletions.
Expand Up @@ -320,6 +320,7 @@ public static void setupSamlUserCookies(final LoginCmdResponse loginResponse, fi
String sessionKeyCookie = String.format("%s=%s;Domain=%s;Path=%s;%s", ApiConstants.SESSIONKEY, loginResponse.getSessionKey(), domain, path, sameSite);
s_logger.debug("Adding sessionkey cookie to response: " + sessionKeyCookie);
resp.addHeader("SET-COOKIE", sessionKeyCookie);
resp.addHeader("SET-COOKIE", String.format("%s=%s;HttpOnly;Path=/client/api;%s", ApiConstants.SESSIONKEY, loginResponse.getSessionKey(), sameSite));
}

/**
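Review bot: The added HttpOnly cookie hard-codes `Path=/client/api` and carries no `Secure` attribute of its own, while the cookie built just above takes `domain` and `path` from variables; unless `sameSite` already expands to include `Secure` (not visible in this hunk), this copy of the session key can be sent over plain HTTP. The same session key value is still issued in the script-readable cookie on the preceding lines and is written in full by the `s_logger.debug` call, so HttpOnly on the second cookie alone does not keep the value away from page scripts or log readers. If both cookies are intentional, a comment on the new line should say so, for example `// HttpOnly copy for API requests; the cookie above is left readable on purpose` (wording to be confirmed by the author), and the debug message would be safer logging only the cookie name. `setupSamlUserCookies` starts outside the hunk, so how `sameSite` and `path` are derived should be checked there.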