SAML2: add cookie with HttpOnly too apache#10013 (apache#10047)
weizhouapache committed Dec 11, 2024
1 parent 1e10793 commit a18f1a6
Showing 1 changed file with 1 addition and 0 deletions.
Expand Up @@ -321,6 +321,7 @@ public static void setupSamlUserCookies(final LoginCmdResponse loginResponse, fi
String sessionKeyCookie = String.format("%s=%s;Domain=%s;Path=%s;%s", ApiConstants.SESSIONKEY, loginResponse.getSessionKey(), domain, path, sameSite);
LOGGER.debug("Adding sessionkey cookie to response: " + sessionKeyCookie);
resp.addHeader("SET-COOKIE", sessionKeyCookie);
resp.addHeader("SET-COOKIE", String.format("%s=%s;HttpOnly;Path=/client/api;%s", ApiConstants.SESSIONKEY, loginResponse.getSessionKey(), sameSite));
}

/**
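Review bot: The HttpOnly cookie added here carries the same `loginResponse.getSessionKey()` value that the unchanged lines just above still send under the same cookie name without HttpOnly, so page script can still read the key and the new flag alone does not keep it from an injected script. If the readable copy is deliberate (for example because the UI needs the value), record that in a comment such as `// HttpOnly copy scoped to the API path; the script-readable cookie above is kept on purpose`. The new cookie also hard-codes `Path=/client/api` while the first one uses the `path` variable, and it has no explicit `Secure` attribute unless `sameSite` already supplies one; both are worth confirming. The existing `LOGGER.debug` call writes the full cookie string, session key included, to the log, which undercuts the protection this change is after. setupSamlUserCookies starts outside this hunk, so how `path` and `sameSite` are built is not visible here.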