This is an automated email from the ASF dual-hosted git repository.

yiguolei pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris.git


The following commit(s) were added to refs/heads/master by this push:
     new 5e374c6a350 Fix FE web insecure cookie setting #26056 (#26057)
5e374c6a350 is described below

commit 5e374c6a350e2d1ba5829af75470cf9497486c86
Author: Guangming Lu <[email protected]>
AuthorDate: Tue Dec 12 22:50:40 2023 +0800

    Fix FE web insecure cookie setting #26056 (#26057)
    
    * Fix FE web insecure cookie setting #26056
    
    * [Bug] FE web insecure cookie setting #26056
---
 .../org/apache/doris/httpv2/controller/BaseController.java   | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git 
a/fe/fe-core/src/main/java/org/apache/doris/httpv2/controller/BaseController.java
 
b/fe/fe-core/src/main/java/org/apache/doris/httpv2/controller/BaseController.java
index c2cdbf2adea..ab71ffffd48 100644
--- 
a/fe/fe-core/src/main/java/org/apache/doris/httpv2/controller/BaseController.java
+++ 
b/fe/fe-core/src/main/java/org/apache/doris/httpv2/controller/BaseController.java
@@ -104,7 +104,11 @@ public class BaseController {
     protected void addSession(HttpServletRequest request, HttpServletResponse 
response, SessionValue value) {
         String key = UUID.randomUUID().toString();
         Cookie cookie = new Cookie(PALO_SESSION_ID, key);
-        cookie.setSecure(false);
+        if (Config.enable_https) {
+            cookie.setSecure(true);
+        } else {
+            cookie.setSecure(false);
+        }
         cookie.setMaxAge(PALO_SESSION_EXPIRED_TIME);
         cookie.setPath("/");
         cookie.setHttpOnly(true);
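Review bot: The Secure flag on the session cookie in addSession now depends only on `Config.enable_https`, so an FE that serves plain HTTP behind a TLS-terminating proxy would still issue PALO_SESSION_ID without Secure. If that deployment is supported, `cookie.setSecure(Config.enable_https || request.isSecure());` covers the case where the container knows the original scheme; whether forwarded headers are honoured is not visible in this hunk. The four-line if/else is also equivalent to a single `cookie.setSecure(Config.enable_https);`, and the same applies to the copy in the second hunk. addSession continues past the end of this hunk.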
@@ -172,6 +176,12 @@ public class BaseController {
             if (cookie.getName() != null && 
cookie.getName().equals(cookieName)) {
                 cookie.setMaxAge(age);
                 cookie.setPath("/");
+                cookie.setHttpOnly(true);
+                if (Config.enable_https) {
+                    cookie.setSecure(true);
+                } else {
+                    cookie.setSecure(false);
+                }
                 response.addCookie(cookie);
             }
         }
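Review bot: The cookie-update loop has no comment explaining why HttpOnly and Secure are set again on a cookie that already exists. The cookie object appears to come from the incoming request, and request cookies carry only a name and value, so the attributes have to be re-applied before `response.addCookie(cookie)`. A comment such as `// Request cookies carry only name/value; re-apply HttpOnly and Secure before re-issuing.` would keep a later cleanup from removing these lines. The enclosing method starts and ends outside this hunk, so the cookie's origin should be confirmed there.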

