fix #1152

2024-11-04 21:10:54 +00:00 · 2015-05-15 15:04:08 +08:00 · 2015-05-15 15:04:08 +08:00 · 519602a553
commit 519602a553
parent 740a526105
1 changed files with 17 additions and 3 deletions
--- a/session/session.go
+++ b/session/session.go
@ -147,7 +147,7 @@ func (manager *Manager) SessionStart(w http.ResponseWriter, r *http.Request) (se
 			Value:    url.QueryEscape(sid),
 			Path:     "/",
 			HttpOnly: true,
-			Secure:   manager.config.Secure,
+			Secure:   manager.isSecure(r),
 			Domain:   manager.config.Domain}
 		if manager.config.CookieLifeTime > 0 {
 			cookie.MaxAge = manager.config.CookieLifeTime
@ -174,7 +174,7 @@ func (manager *Manager) SessionStart(w http.ResponseWriter, r *http.Request) (se
 				Value:    url.QueryEscape(sid),
 				Path:     "/",
 				HttpOnly: true,
-				Secure:   manager.config.Secure,
+				Secure:   manager.isSecure(r),
 				Domain:   manager.config.Domain}
 			if manager.config.CookieLifeTime > 0 {
 				cookie.MaxAge = manager.config.CookieLifeTime
@ -233,7 +233,7 @@ func (manager *Manager) SessionRegenerateId(w http.ResponseWriter, r *http.Reque
 			Value:    url.QueryEscape(sid),
 			Path:     "/",
 			HttpOnly: true,
-			Secure:   manager.config.Secure,
+			Secure:   manager.isSecure(r),
 			Domain:   manager.config.Domain,
 		}
 	} else {
@ -270,3 +270,17 @@ func (manager *Manager) sessionId(r *http.Request) (string, error) {
 	}
 	return hex.EncodeToString(b), nil
 }
+
+// Set cookie with https.
+func (manager *Manager) isSecure(req *http.Request) bool {
+	if !manager.config.Secure {
+		return false
+	}
+	if req.URL.Scheme != "" {
+		return req.URL.Scheme == "https"
+	}
+	if req.TLS == nil {
+		return false
+	}
+	return true
+}