From ed099c3f964e4b18a3c431b59cdb63533ec91d81 Mon Sep 17 00:00:00 2001
From: Rohit Yadav
Date: Sat, 28 Feb 2015 18:20:56 +0530
Subject: [PATCH] server: check and set sercure cookie flag only after login
Signed-off-by: Rohit Yadav
(cherry picked from commit 0f819f1583116d93ca3ebf460b69cd74144a25b2)
Signed-off-by: Rohit Yadav
---
 server/src/com/cloud/api/ApiServlet.java | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/server/src/com/cloud/api/ApiServlet.java b/server/src/com/cloud/api/ApiServlet.java
index 5628d984611..1fd16baacb1 100644
--- a/server/src/com/cloud/api/ApiServlet.java
+++ b/server/src/com/cloud/api/ApiServlet.java
@@ -194,6 +194,14 @@ public class ApiServlet extends HttpServlet {
 }
 }
 session = req.getSession(true);
+ if (ApiServer.isSecureSessionCookieEnabled()) {
+ resp.setHeader("SET-COOKIE", "JSESSIONID=" + session.getId() + ";Secure;Path=/client");
+ if (s_logger.isDebugEnabled()) {
+ if (s_logger.isDebugEnabled()) {
+ s_logger.debug("Session cookie is marked secure!");
+ }
+ }
+ }
 }
 try {
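Review bot: The hand-built `Set-Cookie` value on the added `resp.setHeader(...)` line carries `Secure` but not `HttpOnly`, and because `setHeader` replaces any `Set-Cookie` header already on the response, it may discard attributes the servlet container put on its own session cookie, along with any other cookie queued earlier. I would at least write `resp.setHeader("SET-COOKIE", "JSESSIONID=" + session.getId() + ";Secure;HttpOnly;Path=/client");`, or preferably mark the session cookie through the container's session-cookie configuration so the cookie name and the `/client` path are not hard-coded here. The nested `if (s_logger.isDebugEnabled())` is duplicated and one level can be removed. The enclosing method begins and ends outside the hunk, so whether a pre-login session is invalidated before `req.getSession(true)` cannot be confirmed from these lines.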