mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-07-02 01:19:29 +02:00
d629d9422f
Session::$cookie_secure adds the secure property to the session Set-Cookie command, so that the browser wouldnt send it to the server over an unencrypted link. However the server would still send the cookie to the browser unencrypted. Also Sessions would stop working properly in HTTP, but SilverStripe needs them for several things, such as form validation This patch effectively causes HTTP and HTTPS requests to each have their own session when cookie_secure is true. The two sessions are independant from each other, so information set in the session via HTTPS is safe from attacks on the session via HTTP, but parts of the site that use HTTP and the session will still work |
||
|---|---|---|
| .. | ||
| injector | ||
| ContentNegotiator.php | ||
| Controller.php | ||
| Cookie.php | ||
| Director.php | ||
| HTTP.php | ||
| HTTPRequest.php | ||
| HTTPResponse.php | ||
| NullHTTPRequest.php | ||
| PjaxResponseNegotiator.php | ||
| RequestFilter.php | ||
| RequestHandler.php | ||
| RequestProcessor.php | ||
| Session.php | ||