Fix FE web insecure cookie setting #26056 (#26057)

* Fix FE web insecure cookie setting #26056 * [Bug] FE web insecure cookie setting #26056
2023-12-12 22:50:40 +08:00
parent 15553e6335
commit 5e374c6a35
1 changed files with 11 additions and 1 deletions
--- a/fe/fe-core/src/main/java/org/apache/doris/httpv2/controller/BaseController.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/httpv2/controller/BaseController.java
@ -104,7 +104,11 @@ public class BaseController {
    protected void addSession(HttpServletRequest request, HttpServletResponse response, SessionValue value) {
        String key = UUID.randomUUID().toString();
        Cookie cookie = new Cookie(PALO_SESSION_ID, key);
-        cookie.setSecure(false);
+        if (Config.enable_https) {
+            cookie.setSecure(true);
+        } else {
+            cookie.setSecure(false);
+        }
        cookie.setMaxAge(PALO_SESSION_EXPIRED_TIME);
        cookie.setPath("/");
        cookie.setHttpOnly(true);
@ -172,6 +176,12 @@ public class BaseController {
            if (cookie.getName() != null && cookie.getName().equals(cookieName)) {
                cookie.setMaxAge(age);
                cookie.setPath("/");
+                cookie.setHttpOnly(true);
+                if (Config.enable_https) {
+                    cookie.setSecure(true);
+                } else {
+                    cookie.setSecure(false);
+                }
                response.addCookie(cookie);
            }
        }