[interchange] Allow setting of 'HttpOnly' on cookies, using Pragma. Patch by Mike Heins.

Josh Lavin interchange-cvs at icdevgroup.org
Mon Apr 1 16:12:20 UTC 2013


commit 8271890cd46b53545bdeb6b1c7473bb81e77928e
Author: Josh Lavin <josh at perusion.com>
Date:   Mon Apr 1 09:10:37 2013 -0700

    Allow setting of 'HttpOnly' on cookies, using Pragma. Patch by Mike Heins.
    
    from: http://www.icdevgroup.org/pipermail/interchange-users/2011-February/052657.html
    
    "Looks like it would be a good thing to do in some cases. However, if as
    with more and more catalogs, you use Web 2.0 features that call the
    database via IC, then you will potentially break those functions."
    
    Set
    
        Pragma set_httponly
    
    in catalog.cfg and you would be good to go.

 lib/Vend/Server.pm |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)
---
diff --git a/lib/Vend/Server.pm b/lib/Vend/Server.pm
index 99132dc..3a8437e 100644
--- a/lib/Vend/Server.pm
+++ b/lib/Vend/Server.pm
@@ -561,6 +561,7 @@ sub create_cookie {
 			$out .= $expstring;
 		}
 		$out .= '; secure' if $secure;
+		$out .= '; HttpOnly' if $::Pragma->{set_httponly};
 		$out .= "\r\n";
 	}
 	return $out;



More information about the interchange-cvs mailing list