cubicweb #1346310 Add `Secure` attribute to cookie when navigating on https [resolved]
If a cw site is accessible both by http (for anon browsing) and https (for authenticated navigation) using the same URLs (beside http <-> https), then once authenticated, one can navigate on http while still being authenticated.
This is due to the fact the cookie sent by the server to the user does not set the "Secure" attribute (cf . http://www.ietf.org/rfc/rfc2965.txt )
|closed by||<not specified>|