Hello,

I figured out the place where the cookie gets set in Galaxy and then added
secure to that. The Apache configuration didn't work well.

I added the following code to the function "set_cookie" in:
lib/galaxy/web/framework/__init__.py

def set_cookie( self, value, name='galaxysession', path='/', age=90, version='1' ):

    try:
        self.response.cookies[name]['secure'] = True
    except CookieError, e:
        log.warning( "Error setting secure attribute in cookie '%s': %s" % ( name, e ) )

I tested by running the following; now I can see the "secure" flag in the
Set-Cookie:

curl -k -D - https://gx.cbio.mskcc.org/ -o /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
HTTP/1.1 200 OK
Date: Mon, 06 May 2013 14:50:16 GMT
Server: PasteWSGIServer/0.5 Python/2.6.6
content-type: text/html; charset=UTF-8
Set-Cookie: galaxysession=7cf35ade3e68eef6c0bd6866318609b987df86a0d50ecc280f02efaa5966a9aa59ce7177812bed97; expires=Sun, 04-Aug-2013 10:50:16 GMT; httponly; Max-Age=7776000; Path=/; secure; Version=1
Connection: close
Transfer-Encoding: chunked

100 25395    0 25395    0     0  35881      0 --:--:-- --:--:-- --:--:-- 69575

--Vipin

> Hi dev-team,
>
> We have placed our Galaxy instance on SSL and I need to make sure that the
> secure flag is set
> on the cookie (commonly represented by the word “secure” under the
> Security column), but
> I am not able to do the same. Something like below:
>
> [image: Inline image 2]
>
> When I checked on my instance I saw the below:
> [image: Inline image 3]
> I have made the necessary changes to my ssl.conf to set the flag as secure,
> but it does not seem to appear here.
>
> Header edit Set-Cookie ^(.*)$ $1;Secure;HttpOnly
>
> Does anybody have experience in setting up the same? Thanks in advance,
> --/Vipin
>
>
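
An added example, not part of the original messages or Galaxy's code: a check that parses saved response headers (as produced by curl -D) and reports every cookie missing the Secure or HttpOnly attribute, plus a server-side cookie built with Python 3's http.cookies using the same attribute-assignment style as the patch. The names audit_set_cookie and build_cookie, the second cookie and the placeholder values are assumptions made for illustration.

```python
from http.cookies import SimpleCookie

# Constructed response headers modelled on the curl -D output in this thread
# (cookie values are placeholders, "othercookie" is hypothetical).
SAMPLE_HEADERS = """\
HTTP/1.1 200 OK
Server: PasteWSGIServer/0.5 Python/2.6.6
content-type: text/html; charset=UTF-8
Set-Cookie: galaxysession=PLACEHOLDER1; expires=Sun, 04-Aug-2013 10:50:16 GMT; httponly; Max-Age=7776000; Path=/; secure; Version=1
Set-Cookie: othercookie=PLACEHOLDER2; Path=/; HttpOnly
Connection: close
"""

REQUIRED = ("secure", "httponly")


def audit_set_cookie(raw_headers, required=REQUIRED):
    """Return {cookie_name: [missing attributes]} for every Set-Cookie header."""
    findings = {}
    for line in raw_headers.splitlines():
        # Split on the first ':' only; the expires value contains more colons.
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].partition("=")[0]
        # Attribute names are case-insensitive; flags carry no "=value".
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
        findings[cookie_name] = [a for a in required if a not in attrs]
    return findings


def build_cookie(name, value, age_days=90):
    """Server side: set the flags on the cookie morsel before it is emitted."""
    c = SimpleCookie()
    c[name] = value
    c[name]["path"] = "/"
    c[name]["max-age"] = age_days * 24 * 3600
    c[name]["secure"] = True
    c[name]["httponly"] = True
    return c.output()  # a single "Set-Cookie: name=value; ..." header line


if __name__ == "__main__":
    for cookie, missing in audit_set_cookie(SAMPLE_HEADERS).items():
        print(cookie, "OK" if not missing else "missing: " + ", ".join(missing))
    print(audit_set_cookie(build_cookie("galaxysession", "PLACEHOLDER")))
```

The audit expects unfolded headers, one per line, so feed it the file written by curl -D rather than a copy wrapped by a mail client.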
