-
Olav Morken authored
This patch removes the autodetection of the secure flag for the cookie based on whether the user is accessing simpleSAMLphp through https. The reason for this is that the user can often access an SP through both https and http. If the user starts with http, everything will work, but if the user starts with https, the user will get two separate cookies, one for https and one for http. This patch introduces a new configuration option in config.php: /* * Set the secure flag in the cookie. * * Set this to TRUE if the user only accesses your service * through https. If the user can access the service through * both http and https, this must be set to FALSE. */ 'session.cookie.secure' => FALSE, git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2180 44740490-163a-0410-bde0-09ae8108e29aOlav Morken authoredThis patch removes the autodetection of the secure flag for the cookie based on whether the user is accessing simpleSAMLphp through https. The reason for this is that the user can often access an SP through both https and http. If the user starts with http, everything will work, but if the user starts with https, the user will get two separate cookies, one for https and one for http. This patch introduces a new configuration option in config.php: /* * Set the secure flag in the cookie. * * Set this to TRUE if the user only accesses your service * through https. If the user can access the service through * both http and https, this must be set to FALSE. */ 'session.cookie.secure' => FALSE, git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2180 44740490-163a-0410-bde0-09ae8108e29a
Code owners
Assign users and groups as approvers for specific file changes. Learn more.