cookie: enhance cookie security (#3525)

author: Unknwon <u@gogs.io> 2017-02-14 03:52:20 -0500
committer: Unknwon <u@gogs.io> 2017-02-14 03:52:20 -0500
commit: 4c5255f5ad587b13644c6a38e9d9ef3c0ef9852f (patch)
tree: a41ce413b1d550a7003a362004655d2b2fea4c8e /routers/user
parent: 279e475b893e187a5b5813646db2a20b5cad2a8b (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/routers/user/auth.go b/routers/user/auth.go
index 88ad055f..45ec1156 100644
--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@@ -123,8 +123,8 @@ func SignInPost(ctx *context.Context, form auth.SignInForm) {
 
 	if form.Remember {
 		days := 86400 * setting.LogInRememberDays
-		ctx.SetCookie(setting.CookieUserName, u.Name, days, setting.AppSubUrl)
-		ctx.SetSuperSecureCookie(u.Rands+u.Passwd, setting.CookieRememberName, u.Name, days, setting.AppSubUrl)
+		ctx.SetCookie(setting.CookieUserName, u.Name, days, setting.AppSubUrl, "", setting.CookieSecure, true)
+		ctx.SetSuperSecureCookie(u.Rands+u.Passwd, setting.CookieRememberName, u.Name, days, setting.AppSubUrl, "", setting.CookieSecure, true)
 	}
 
 	ctx.Session.Set("uid", u.ID)
author	Unknwon <u@gogs.io>	2017-02-14 03:52:20 -0500
committer	Unknwon <u@gogs.io>	2017-02-14 03:52:20 -0500
commit	4c5255f5ad587b13644c6a38e9d9ef3c0ef9852f (patch)
tree	a41ce413b1d550a7003a362004655d2b2fea4c8e /routers/user
parent	279e475b893e187a5b5813646db2a20b5cad2a8b (diff)