ws: Make cookie be a session cookie

Although it really doesn't matter that much since we clear cookie's on the server side anyway, make our cookie a session cookie, so that it never gets stored in the browser. Reviewed-by: Marius Vollmer <marius.vollmer@redhat.com>
cockpit-project · Sep 23, 2014 · 0d0c12d · 0d0c12d
1 parent 242a996
commit 0d0c12d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/ws/cockpitauth.c b/src/ws/cockpitauth.c
@@ -754,7 +754,7 @@ cockpit_auth_login_finish (CockpitAuth *self,
     {
       gboolean force_secure = !(flags & COCKPIT_AUTH_COOKIE_INSECURE);
       cookie_b64 = g_base64_encode ((guint8 *)authenticated->cookie, strlen (authenticated->cookie));
-      header = g_strdup_printf ("CockpitAuth=%s; Path=/; Expires=Wed, 13-Jan-2021 22:23:01 GMT;%s HttpOnly",
+      header = g_strdup_printf ("CockpitAuth=%s; Path=/; %s HttpOnly",
                                 cookie_b64, force_secure ? " Secure;" : "");
       g_free (cookie_b64);
       g_hash_table_insert (out_headers, g_strdup ("Set-Cookie"), header);