SAML2: add cookie with HttpOnly too #10013

weizhouapache · weizhouapache · commit 75261ddb44ed · 2024-12-05T10:51:13.000+01:00
diff --git a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java
@@ -320,6 +320,7 @@ public static void setupSamlUserCookies(final LoginCmdResponse loginResponse, fi
         String sessionKeyCookie = String.format("%s=%s;Domain=%s;Path=%s;%s", ApiConstants.SESSIONKEY, loginResponse.getSessionKey(), domain, path, sameSite);
         s_logger.debug("Adding sessionkey cookie to response: " + sessionKeyCookie);
         resp.addHeader("SET-COOKIE", sessionKeyCookie);
+        resp.addHeader("SET-COOKIE", String.format("%s=%s;HttpOnly;Path=/client/api;%s", ApiConstants.SESSIONKEY, loginResponse.getSessionKey(), sameSite));
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -320,6 +320,7 @@ public static void setupSamlUserCookies(final LoginCmdResponse loginResponse, fi`
`320`	`320`	`String sessionKeyCookie = String.format("%s=%s;Domain=%s;Path=%s;%s", ApiConstants.SESSIONKEY, loginResponse.getSessionKey(), domain, path, sameSite);`
`321`	`321`	`s_logger.debug("Adding sessionkey cookie to response: " + sessionKeyCookie);`
`322`	`322`	`resp.addHeader("SET-COOKIE", sessionKeyCookie);`
	`323`	`+ resp.addHeader("SET-COOKIE", String.format("%s=%s;HttpOnly;Path=/client/api;%s", ApiConstants.SESSIONKEY, loginResponse.getSessionKey(), sameSite));`
`323`	`324`	`}`
`324`	`325`
`325`	`326`	`/**`