This is an automated email from the ASF dual-hosted git repository.
yiguolei pushed a commit to branch branch-2.0
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/branch-2.0 by this push:
new d191dd6a642 [fix][bug] FE web exists insecure cookie setting (#30183)
d191dd6a642 is described below
commit d191dd6a6429419cc3aa7a1b297246eb1421f434
Author: Guangming Lu <[email protected]>
AuthorDate: Sun Feb 4 18:16:38 2024 +0800
[fix][bug] FE web exists insecure cookie setting (#30183)
---
.../org/apache/doris/httpv2/controller/BaseController.java | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/httpv2/controller/BaseController.java
b/fe/fe-core/src/main/java/org/apache/doris/httpv2/controller/BaseController.java
index 3f7911e523c..77947104b70 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/httpv2/controller/BaseController.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/httpv2/controller/BaseController.java
@@ -104,7 +104,11 @@ public class BaseController {
protected void addSession(HttpServletRequest request, HttpServletResponse
response, SessionValue value) {
String key = UUID.randomUUID().toString();
Cookie cookie = new Cookie(PALO_SESSION_ID, key);
- cookie.setSecure(false);
+ if (Config.enable_https) {
+ cookie.setSecure(true);
+ } else {
+ cookie.setSecure(false);
+ }
cookie.setMaxAge(PALO_SESSION_EXPIRED_TIME);
cookie.setPath("/");
cookie.setHttpOnly(true);
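Review bot: The Secure attribute on the session cookie now depends only on `Config.enable_https`, so a deployment that terminates TLS at a reverse proxy while the FE itself serves plain HTTP would still get the cookie without Secure. Whether that setup is supported is not visible here, but the assumption deserves a comment next to the check. On style, the four-line if/else is equivalent to `cookie.setSecure(Config.enable_https);`. The same branch is repeated in the second hunk (`@@ -172,6 +176,12 @@`), so a small private helper that applies HttpOnly and Secure would keep the two places from drifting apart. addSession's body continues past the end of this hunk.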
@@ -172,6 +176,12 @@ public class BaseController {
if (cookie.getName() != null &&
cookie.getName().equals(cookieName)) {
cookie.setMaxAge(age);
cookie.setPath("/");
+ cookie.setHttpOnly(true);
+ if (Config.enable_https) {
+ cookie.setSecure(true);
+ } else {
+ cookie.setSecure(false);
+ }
response.addCookie(cookie);
}
}
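Review bot: The lines added before `response.addCookie(cookie)` need a short comment saying why the attributes are set again, because a reader may assume the matched cookie already carries them. If `cookie` comes from the incoming request, as the name-matching loop suggests, it holds only a name and value, and the refreshed Set-Cookie would otherwise drop HttpOnly and Secure. Something like `// request cookies carry no attributes; re-apply HttpOnly/Secure before re-sending` would do. The enclosing method starts before this hunk, so the origin of `cookie` is inferred and should be confirmed against the full file.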