Blame SOURCES/secure-cookie.patch

056f5b
--- pcs-0.9.137/pcsd/pcsd.rb.secure_fix        2015-03-30 13:48:50.209887370 -0500
056f5b
+++ pcs-0.9.137/pcsd/pcsd.rb   2015-03-30 13:50:47.321660377 -0500
056f5b
@@ -32,7 +32,9 @@ end
056f5b
 
056f5b
 use Rack::Session::Cookie,
056f5b
   :expire_after => 60 * 60,
056f5b
-  :secret => secret
056f5b
+  :secret => secret,
056f5b
+  :secure => true, # only send over HTTPS
056f5b
+  :httponly => true # don't provide to javascript
056f5b
 
056f5b
 #use Rack::SSL
056f5b
 
056f5b
@@ -46,8 +48,6 @@ also_reload 'pcs.rb'
056f5b
 also_reload 'auth.rb'
056f5b
 also_reload 'wizard.rb'
056f5b
 
056f5b
-enable :sessions
056f5b
-
056f5b
 before do
056f5b
   $session = session
056f5b
   $cookies = cookies