From c506a9d1a7debf5b8c562e1bd965ed95e62371e0 Mon Sep 17 00:00:00 2001
From: Ruediger Pluem
Date: Tue, 27 May 2008 15:49:30 +0000
Subject: [PATCH] * Make setting of HttpOnly flag more explicit.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@660566 13f79535-47bb-0310-9956-ffa450edef68
---
 docs/manual/mod/mod_rewrite.xml | 2 +-
 modules/mappers/mod_rewrite.c | 10 ++++++----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/docs/manual/mod/mod_rewrite.xml b/docs/manual/mod/mod_rewrite.xml
index c995ab82f2..c9e4fa0af1 100644
--- a/docs/manual/mod/mod_rewrite.xml
+++ b/docs/manual/mod/mod_rewrite.xml
@@ -1260,7 +1260,7 @@ cannot use $N in the substitution string!
 is the lifetime of the cookie in minutes, and the optional path is the path of the cookie. If secure is set to 'true' or '1', the cookie is only transmitted via secured
- connections. If httponly is set to any string, the
+ connections. If httponly is set to 'true' or '1', the
 HttpOnly flag is used, making the cookie inaccessible to JavaScript code on browsers that support this feature.
diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index 91d2a69090..4abf898db6 100644
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -2492,10 +2492,12 @@ static void add_cookie(request_rec *r, char *s)
 "; domain=", domain,
 expires ? "; expires=" : NULL,
 expires ? exp_time : NULL,
- secure ? ((strcasecmp(secure, "true") == 0
- || strcasecmp(secure, "1") == 0) ?
- "; secure" : NULL) : NULL,
- httponly ? "; HttpOnly" : NULL,
+ (secure && (!strcasecmp(secure, "true")
+ || !strcasecmp(secure, "1"))) ?
+ "; secure" : NULL,
+ (httponly && (!strcasecmp(httponly, "true")
+ || !strcasecmp(httponly, "1"))) ?
+ "; HttpOnly" : NULL,
 NULL);
 apr_table_addn(rmain->err_headers_out, "Set-Cookie", cookie);
-- 
2.40.0
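Review bot: The new `httponly` test in add_cookie fails open: a rule written under the previously documented behaviour ("any string"), for example with `HttpOnly` or `yes` in that field, now produces a cookie without the HttpOnly attribute, and nothing in the hunk tells the administrator that the flag was dropped. Consider treating only explicit negatives as off, `(httponly && strcasecmp(httponly, "false") && strcasecmp(httponly, "0")) ? "; HttpOnly" : NULL,`, or at least logging when a non-empty value is not recognised. The `secure` field just above already drops unrecognised values silently in the same way. The duplicated true/1 comparison would also read better as one small static helper used for both fields. add_cookie begins and ends outside the hunk, so how these fields are parsed from the flag string is not visible here.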