From 0d0c12d228f054aee8fc675004e69c1ed53c74d1 Mon Sep 17 00:00:00 2001
From: Stef Walter
Date: Mon, 22 Sep 2014 14:37:13 +0200
Subject: [PATCH] ws: Make cookie be a session cookie

Although it really doesn't matter that much since we clear cookie's on the server side anyway, make our cookie a session cookie, so that it never gets stored in the browser.

Reviewed-by: Marius Vollmer
---
 src/ws/cockpitauth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ws/cockpitauth.c b/src/ws/cockpitauth.c
index f0c36fd7950..1ec93dcb1a5 100644
--- a/src/ws/cockpitauth.c
+++ b/src/ws/cockpitauth.c
@@ -754,7 +754,7 @@ cockpit_auth_login_finish (CockpitAuth *self,
 {
 gboolean force_secure = !(flags & COCKPIT_AUTH_COOKIE_INSECURE);
 cookie_b64 = g_base64_encode ((guint8 *)authenticated->cookie, strlen (authenticated->cookie));
- header = g_strdup_printf ("CockpitAuth=%s; Path=/; Expires=Wed, 13-Jan-2021 22:23:01 GMT;%s HttpOnly",
+ header = g_strdup_printf ("CockpitAuth=%s; Path=/; %s HttpOnly",
 cookie_b64, force_secure ? " Secure;" : "");
 g_free (cookie_b64);
 g_hash_table_insert (out_headers, g_strdup ("Set-Cookie"), header);
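Review bot: The new format string `"CockpitAuth=%s; Path=/; %s HttpOnly"` keeps a literal space before `%s` while the substituted `" Secure;"` and the trailing ` HttpOnly` still carry their own leading spaces, so the header is emitted as `Path=/;  Secure; HttpOnly` or `Path=/;  HttpOnly` with a doubled space; `"CockpitAuth=%s; Path=/;%s HttpOnly"` would match the spacing the old string produced. Cookie parsers generally ignore the extra whitespace, so this is cosmetic rather than functional. It would also help to add a comment above the call, for example `/* No Expires/Max-Age on purpose: session cookie; lifetime is bounded by server-side expiry */`, so the attribute is not reintroduced later. Browsers that restore sessions may keep session cookies across restarts, which makes the server-side clearing mentioned in the description the control that actually limits the session. The enclosing block of cockpit_auth_login_finish starts and ends outside the hunk.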