silverstripe-framework/control
Hamish Friedlander d629d9422f FIX Session::$cookie_secure so Sessions still work via HTTP
Session::$cookie_secure adds the secure property to the session Set-Cookie
command, so that the browser wouldnt send it to the server over an unencrypted
link. However the server would still send the cookie to the browser
unencrypted. Also Sessions would stop working properly in HTTP,
but SilverStripe needs them for several things, such as form validation

This patch effectively causes HTTP and HTTPS requests to each have
their own session when cookie_secure is true. The two sessions are
independant from each other, so information set in the session via
HTTPS is safe from attacks on the session via HTTP, but parts
of the site that use HTTP and the session will still work
2013-07-07 09:12:10 +12:00
..
injector Update @package, @subpackage labels 2013-05-21 22:24:41 +12:00
ContentNegotiator.php Bugfix: Added private static $defaultFormat in order to choose default via config. Permit WCAG validation of XHTML. 2013-05-13 11:34:35 +02:00
Controller.php Controller::redirect now returns the resulting SS_HTTPResponse, allowing the function to better support chaining 2013-06-24 13:39:05 +12:00
Cookie.php Ensure Cookie::get() will immediately return results. 2013-06-07 11:27:15 +12:00
Director.php FIX Session::$cookie_secure so Sessions still work via HTTP 2013-07-07 09:12:10 +12:00
HTTP.php FIX: Updated protocol check to become more stringent. 2013-05-20 12:46:44 +12:00
HTTPRequest.php FIX Allow Director::$rules like //$Action 2013-04-29 16:13:37 +12:00
HTTPResponse.php API Make SSViewer#process return HTMLText not string 2013-03-14 12:49:03 +13:00
NullHTTPRequest.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
PjaxResponseNegotiator.php Update @package, @subpackage labels 2013-05-21 22:24:41 +12:00
RequestFilter.php FEATURE: Added dependency injector for managing creation of new objects and their dependencies. 2012-05-18 12:39:57 +12:00
RequestHandler.php API Enforce $allowed_actions in RequestHandler->checkAccessAction() 2013-06-24 14:50:40 +02:00
RequestProcessor.php Update @package, @subpackage labels 2013-05-21 22:24:41 +12:00
Session.php FIX Session::$cookie_secure so Sessions still work via HTTP 2013-07-07 09:12:10 +12:00