Skip to content

Commit

Permalink
Merge pull request #231 from Carreau/secure-cookie
Browse files Browse the repository at this point in the history 
Make cookie secure if used over https
  • Loading branch information
@minrk
minrk committed Apr 17, 2015
2 parents 778202a + 494e4fe commit 6b32a5c
Showing 1 changed file with 16 additions and 1 deletion.
17 changes: 16 additions & 1 deletion jupyterhub/handlers/base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -154,18 +154,33 @@ def clear_login_cookie(self):

def set_server_cookie(self, user):
"""set the login cookie for the single-user server"""
# tornado <4.2 have a bug that consider secure==True as soon as
# 'secure' kwarg is passed to set_secure_cookie
if self.request.protocol == 'https':
kwargs = {'secure':True}
else:
kwargs = {}
self.set_secure_cookie(
user.server.cookie_name,
user.cookie_id,
path=user.server.base_url,
**kwargs
)

def set_hub_cookie(self, user):
"""set the login cookie for the Hub"""
# tornado <4.2 have a bug that consider secure==True as soon as
# 'secure' kwarg is passed to set_secure_cookie
if self.request.protocol == 'https':
kwargs = {'secure':True}
else:
kwargs = {}
self.set_secure_cookie(
self.hub.server.cookie_name,
user.cookie_id,
path=self.hub.server.base_url)
path=self.hub.server.base_url,
**kwargs
)

def set_login_cookie(self, user):
"""Set login cookies for the Hub and single-user server."""
Expand Down

0 comments on commit 6b32a5c

Please sign in to comment.