From 9fd7acf663d2f038b98717079f54a0281ae438e1 Mon Sep 17 00:00:00 2001 From: astaxie Date: Fri, 15 May 2015 15:04:08 +0800 Subject: [PATCH] fix #1152 --- session/session.go | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/session/session.go b/session/session.go index 4214320c..ffc08edc 100644 --- a/session/session.go +++ b/session/session.go @@ -147,7 +147,7 @@ func (manager *Manager) SessionStart(w http.ResponseWriter, r *http.Request) (se Value: url.QueryEscape(sid), Path: "/", HttpOnly: true, - Secure: manager.config.Secure, + Secure: manager.isSecure(r), Domain: manager.config.Domain} if manager.config.CookieLifeTime > 0 { cookie.MaxAge = manager.config.CookieLifeTime @@ -174,7 +174,7 @@ func (manager *Manager) SessionStart(w http.ResponseWriter, r *http.Request) (se Value: url.QueryEscape(sid), Path: "/", HttpOnly: true, - Secure: manager.config.Secure, + Secure: manager.isSecure(r), Domain: manager.config.Domain} if manager.config.CookieLifeTime > 0 { cookie.MaxAge = manager.config.CookieLifeTime @@ -233,7 +233,7 @@ func (manager *Manager) SessionRegenerateId(w http.ResponseWriter, r *http.Reque Value: url.QueryEscape(sid), Path: "/", HttpOnly: true, - Secure: manager.config.Secure, + Secure: manager.isSecure(r), Domain: manager.config.Domain, } } else { @@ -270,3 +270,17 @@ func (manager *Manager) sessionId(r *http.Request) (string, error) { } return hex.EncodeToString(b), nil } + +// Set cookie with https. +func (manager *Manager) isSecure(req *http.Request) bool { + if !manager.config.Secure { + return false + } + if req.URL.Scheme != "" { + return req.URL.Scheme == "https" + } + if req.TLS == nil { + return false + } + return true +}