No longer make the httpOnly attribute of the session cookie configurable

rom3r4 · Oct 24, 2024 · d941f59 · d941f59
1 parent e246da6
commit d941f59
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 9 deletions.
diff --git a/src/main/java/org/traccar/config/Keys.java b/src/main/java/org/traccar/config/Keys.java
@@ -843,14 +843,6 @@ private Keys() {
             List.of(KeyType.CONFIG),
             "max-age=3600,public");
 
-     /**
-     * Set HttpOnly attribut to the session cookie.
-     */
-    public static final ConfigKey<Boolean> WEB_COOKIE_HTTP_ONLY = new BooleanConfigKey(
-        "web.cookieHttpOnly",
-        List.of(KeyType.CONFIG),
-        false);
-
     /**
      * Enable TOTP authentication on the server.
      */

diff --git a/src/main/java/org/traccar/web/WebServer.java b/src/main/java/org/traccar/web/WebServer.java
@@ -218,7 +218,7 @@ private void initSessionConfig(ServletContextHandler servletHandler) {
             }
         }
 
-        sessionCookieConfig.setHttpOnly(config.getBoolean(Keys.WEB_COOKIE_HTTP_ONLY));
+        sessionCookieConfig.setHttpOnly(true);
     }
 
     @Override
-Original file line number
+Diff line change
@@ Expand Up @@
                 }
             }
-            sessionCookieConfig.setHttpOnly(config.getBoolean(Keys.WEB_COOKIE_HTTP_ONLY));
+            sessionCookieConfig.setHttpOnly(true);
         }
         @Override
@@ Expand Down @@