Implement secure cookie

Open turnkey-commerce opened this issue 9 years ago • 1 comments

This PR resolves #33. By default the secure cookie option is set when the NewAuthorizer() is called. To turn it off a special function called AllowInsecureCookie() will need to be called to set it back to false. Error messages are generated if the secure cookie is on and it the site is served over http.

The example is updated so that it will work by default on non-https sites but it has been appropriately commented to not do such in production.

The httpauth version should be incremented since it changes default behavior.

Jul 23 '16 04:07 turnkey-commerce

Changes Unknown when pulling 1b0e4055a8b2ea8bc7ca4dfc42033f2d0d7f1107 on turnkey-commerce:secure-cookie into * on apexskier:master*.

Jul 23 '16 04:07 coveralls