author | Microsoft <aspnet@microsoft.com> | 2012-05-31 16:01:05 -0700 |
---|---|---|
committer | Microsoft <aspnet@microsoft.com> | 2012-05-31 16:01:05 -0700 |
commit | 109188abee3772791dda97e7cbe36b3dc820f5fb (patch) | |
tree | 1f42cf39efdf06512f7961052a0e98323304753d /src/DotNetOpenAuth.AspNet/Clients/OAuth/AuthenticationOnlyCookieOAuthTokenManager.cs | |
parent | 5e07054db57c7d52ca9e3d05ff16c4321eb514b7 (diff) | |
Code review cleanup for DotNetOpenAuth.AspNet:
- Clients should use HTTPS instead of HTTP whenever possible.
- MachineKeyUtil reliability tweaks.
- Improved anti-XSRF protection when running under subdomains.
- Other miscellaneous minor cleanup.
Diffstat (limited to 'src/DotNetOpenAuth.AspNet/Clients/OAuth/AuthenticationOnlyCookieOAuthTokenManager.cs')
-rw-r--r-- | src/DotNetOpenAuth.AspNet/Clients/OAuth/AuthenticationOnlyCookieOAuthTokenManager.cs | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/DotNetOpenAuth.AspNet/Clients/OAuth/AuthenticationOnlyCookieOAuthTokenManager.cs b/src/DotNetOpenAuth.AspNet/Clients/OAuth/AuthenticationOnlyCookieOAuthTokenManager.cs index a58549a..2ec988b 100644 --- a/src/DotNetOpenAuth.AspNet/Clients/OAuth/AuthenticationOnlyCookieOAuthTokenManager.cs +++ b/src/DotNetOpenAuth.AspNet/Clients/OAuth/AuthenticationOnlyCookieOAuthTokenManager.cs @@ -86,7 +86,10 @@ namespace DotNetOpenAuth.AspNet.Clients { /// <param name="requestToken">The request token.</param> /// <param name="requestTokenSecret">The request token secret.</param> public void StoreRequestToken(string requestToken, string requestTokenSecret) { - var cookie = new HttpCookie(TokenCookieKey); + var cookie = new HttpCookie(TokenCookieKey) { + HttpOnly = true + }; + if (FormsAuthentication.RequireSSL) { cookie.Secure = true; } |
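Review bot: In StoreRequestToken, the Secure flag on the new cookie still depends only on `FormsAuthentication.RequireSSL`, right after the changed initializer. A site that is served over HTTPS but has not enabled requireSSL in its forms configuration will issue this request-token cookie without Secure, so the browser may send it over plain HTTP. Consider also setting `cookie.Secure = true` when the current request arrived over a secure connection (for example by checking `HttpRequest.IsSecureConnection`), and note in the method's XML comment which condition controls the flag. The `HttpOnly = true` initializer itself looks right.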