galaxysession cookie secure flag


Vipin TS
Hi dev-team, 

We have placed our Galaxy instance behind SSL and I need to make sure that the secure flag is set 
on the cookie (commonly represented by the word “secure” under the Security column), but 
I am not able to do the same. Something like below: 

Inline image 2

When I checked on my instance I saw as below: 
Inline image 3
I have made the necessary changes to my ssl.conf to set the flag as secure, but it does not seem to appear here. 

Header edit Set-Cookie ^(.*)$ $1;Secure;HttpOnly

Does anybody have experience in setting up the same? Thanks in advance, 

--/Vipin


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/

Re: galaxysession cookie secure flag

Vipin TS
Hello, 

I figured out the place where the cookie gets set in Galaxy and then added secure to that. Apache configuration didn't work well. 

I added the following code to the function "set_cookie" in:
lib/galaxy/web/framework/__init__.py 

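def set_cookie( self, value, name='galaxysession', path='/', age=90, version='1' ):
    # (existing body of set_cookie not shown; the lines below were added)
    try:
        # Mark the cookie so that browsers only send it over HTTPS
        self.response.cookies[name]['secure'] = True
    except CookieError as e:
        log.warning( "Error setting secure attribute in cookie '%s': %s" % ( name, e ) )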

I tested by running the following; now I can see the "secure" flag in the Set-Cookie header:

curl -k -D - https://gx.cbio.mskcc.org/ -o /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0HTTP/1.1 200 OK
Date: Mon, 06 May 2013 14:50:16 GMT
Server: PasteWSGIServer/0.5 Python/2.6.6
content-type: text/html; charset=UTF-8
Set-Cookie: galaxysession=7cf35ade3e68eef6c0bd6866318609b987df86a0d50ecc280f02efaa5966a9aa59ce7177812bed97; expires=Sun, 04-Aug-2013 10:50:16 GMT; httponly; Max-Age=7776000; Path=/; secure; Version=1
Connection: close
Transfer-Encoding: chunked

100 25395    0 25395    0     0  35881      0 --:--:-- --:--:-- --:--:-- 69575

--Vipin
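
An added example, not part of the original post and not Galaxy's own code: the same morsel-attribute approach written for Python 3's http.cookies, with a small checker that does what the curl test above does by eye. The function names, the sample header dump and the reading of age as days (consistent with Max-Age=7776000 for age=90) are assumptions made for this sketch.

```python
from http.cookies import SimpleCookie

def build_session_cookie(value, name="galaxysession", path="/", age=90, secure=True):
    """Build a Set-Cookie value by setting attributes on the cookie morsel."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["path"] = path
    jar[name]["max-age"] = age * 24 * 3600   # assumption: age is given in days
    jar[name]["httponly"] = True
    if secure:
        jar[name]["secure"] = True           # the attribute the post adds
    return jar[name].OutputString()

def audit_set_cookie(raw_headers):
    """Return {cookie_name: [missing flags]} for each Set-Cookie line in a header dump."""
    findings = {}
    for line in raw_headers.splitlines():
        field, sep, rest = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in rest.split(";")]
        name = parts[0].partition("=")[0].strip()
        # Attribute names are case-insensitive; flags carry no "=value" part.
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
        findings[name] = [f for f in ("secure", "httponly") if f not in attrs]
    return findings

# Constructed sample in the shape of `curl -k -D -` output (values are made up).
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: galaxysession=constructed0001; expires=Sun, 04-Aug-2013 10:50:16 GMT; httponly; Max-Age=7776000; Path=/; Version=1
Set-Cookie: other=constructed0002; Path=/; secure
"""

if __name__ == "__main__":
    print(build_session_cookie("constructed-value"))
    for cookie, missing in audit_set_cookie(SAMPLE).items():
        print(cookie, "missing:", ", ".join(missing) or "nothing")
```

An empty list for a cookie means both flags are present; anything else names the flag that still needs to be set.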
