diff --git management/univention-management-console/debian/univention-management-console-web-server.univention-config-registry-variables management/univention-management-console/debian/univention-management-console-web-server.univention-config-registry-variables index fd18755026..7de8abff44 100644 --- management/univention-management-console/debian/univention-management-console-web-server.univention-config-registry-variables +++ management/univention-management-console/debian/univention-management-console-web-server.univention-config-registry-variables @@ -23,6 +23,13 @@ Type=bool Categories=management-umc Default=false +[umc/http/enforce-secure-cookie] +Description[de]=Wenn gesetzt, werden Cookies mit dem Secure-Attribut gesetzt, wenn die Verbindung über HTTPS erfolgt. +Description[en]=If set, cookies are set with the secure attribute if the connection is using HTTPS. +Type=bool +Categories=management-umc +Default=false + [umc/http/session/timeout] Description[de]=Nach diesem Zeitraum in Sekunden wird die Browser-Sitzung automatisch geschlossen und eine Neuanmeldung ist notwendig. Ist die Variable nicht gesetzt, gilt 300, also fünf Minuten. Description[en]=After this time period in seconds the browser session is automatically closed and a renewed login is required. If the variable is unset, 300 applies (i.e. five minutes). diff --git management/univention-management-console/univention-management-console-web-server management/univention-management-console/univention-management-console-web-server index 248be4c28a..adb72b5a1e 100755 --- management/univention-management-console/univention-management-console-web-server +++ management/univention-management-console/univention-management-console-web-server 
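Review bot: The new variable `umc/http/enforce-secure-cookie` is added with `Default=false`, so cookies on HTTPS connections stay without the Secure attribute until an administrator opts in. If that default is kept for compatibility, the description should say so. The name says "enforce", but the description makes the attribute conditional on the connection already being HTTPS, so nothing changes for plain-HTTP access. The English text could state both points, e.g. `Description[en]=If set, cookies are marked with the Secure attribute on HTTPS connections so that browsers do not send them over plain HTTP. Has no effect on HTTP connections.`, with the German text adjusted to match.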
@@ -720,6 +720,8 @@ class Ressource(object): cookie[name]['expires'] = expires.strftime("%a, %d-%b-%Y %H:%M:%S GMT") cookie[name]['version'] = 1 cookie[name]['path'] = '/univention/' + if cherrypy.request.scheme == 'https' and ucr.is_true('umc/http/enforce-secure-cookie'): + cookie[name]['secure'] = True def get_cookie(self, name): cookie = cherrypy.request.cookie.get
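Review bot: The added condition `cherrypy.request.scheme == 'https'` only reflects the scheme of the hop that reaches CherryPy. If this server runs behind a TLS-terminating reverse proxy (not visible in this hunk), the scheme reads `http` unless CherryPy's proxy handling (`tools.proxy`) honours the forwarded scheme, and the Secure attribute would then never be set even with the variable enabled. Please confirm this for the deployment and record it above the check, e.g. `# Secure is only added for HTTPS requests; behind a reverse proxy the original scheme must be forwarded, otherwise this is never true`. The enclosing method starts above the hunk, so it cannot be seen from here whether `cookie[name]['httponly']` is set on the same cookie; if it is not, this is the natural place to add it.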