upstream/ipython Commit - r21269:5d6ce367

Set secure cookie by default if login handler is hit....

Matthias Bussonnier -

r21269:5d6ce367

parent child

IPython/html/auth/login.py

0 +7 -1

                      typed_password = self.get_argument('password', default=u'')
                      if self.login_available(self.settings):
                          if passwd_check(self.hashed_password, typed_password):
-                             self.set_secure_cookie(self.cookie_name, str(uuid.uuid4()))
+                             # tornado <4.2 have a bug that consider secure==True as soon as
+                             # 'secure' kwarg is passed to set_secure_cookie
+                             if self.settings.get('secure_cookie', self.request.protocol == 'https'):
+                                 kwargs = {'secure':True}
+                             else:
+                                 kwargs = {}
+                             self.set_secure_cookie(self.cookie_name, str(uuid.uuid4()), **kwargs)
                          else:
                              self._render(message={'error': 'Invalid password'})
                              return

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages