fix #1152

9fd7acf6 · astaxie · 2dca48f2 · 9fd7acf6
Commit 9fd7acf6 authored May 15, 2015 by astaxie
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 3 deletions

session.go session/session.go +17 -3

No files found.
--- a/session/session.go
+++ b/session/session.go
@@ -147,7 +147,7 @@ func (manager *Manager) SessionStart(w http.ResponseWriter, r *http.Request) (se
 			Value:    url.QueryEscape(sid),
 			Path:     "/",
 			HttpOnly: true,
-			Secure:   manager.config.Secure,
+			Secure:   manager.isSecure(r),
 			Domain:   manager.config.Domain}
 		if manager.config.CookieLifeTime > 0 {
 			cookie.MaxAge = manager.config.CookieLifeTime
@@ -174,7 +174,7 @@ func (manager *Manager) SessionStart(w http.ResponseWriter, r *http.Request) (se
 				Value:    url.QueryEscape(sid),
 				Path:     "/",
 				HttpOnly: true,
-				Secure:   manager.config.Secure,
+				Secure:   manager.isSecure(r),
 				Domain:   manager.config.Domain}
 			if manager.config.CookieLifeTime > 0 {
 				cookie.MaxAge = manager.config.CookieLifeTime
@@ -233,7 +233,7 @@ func (manager *Manager) SessionRegenerateId(w http.ResponseWriter, r *http.Reque
 			Value:    url.QueryEscape(sid),
 			Path:     "/",
 			HttpOnly: true,
-			Secure:   manager.config.Secure,
+			Secure:   manager.isSecure(r),
 			Domain:   manager.config.Domain,
 		}
 	} else {
@@ -270,3 +270,17 @@ func (manager *Manager) sessionId(r *http.Request) (string, error) {
 	}
 	return hex.EncodeToString(b), nil
 }
+
+// Set cookie with https.
+func (manager *Manager) isSecure(req *http.Request) bool {
+	if !manager.config.Secure {
+		return false
+	}
+	if req.URL.Scheme != "" {
+		return req.URL.Scheme == "https"
+	}
+	if req.TLS == nil {
+		return false
+	}
+	return true
+}