From abd1d7aabc3f781126459c2d8dd840d60dfa79c3 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 6 Sep 2021 17:07:45 +0000
Subject: [PATCH] cookie: Set secure attribute

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/web/auth.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/web/auth.py b/src/web/auth.py
index d9bb703e..d633a94b 100644
--- a/src/web/auth.py
+++ b/src/web/auth.py
@@ -26,7 +26,7 @@ class AuthenticationMixin(CacheMixin):
 
 		# Send session cookie to the client
 		self.set_cookie("session_id", session_id,
-			domain=self.request.host, expires=session_expires)
+			domain=self.request.host, expires=session_expires, secure=True)
 
 	def logout(self):
 		session_id = self.get_cookie("session_id")
-- 
2.39.2