[Catalyst] Making secure session cookies (or, how do we make Explorer stop complaining about nonsecure content on a secure page?)

will trillich will.trillich at serensoft.com
Mon Feb 21 14:09:21 GMT 2011


Nope it's not the javascript. Searching view-source for "http://" shows only
DOCTYPE, xmlns, <!-- comments --> and links to other/external websites.

The session cookie does show as non-secure, so that's why we're thinking
it's the main culprit.

Otherwise, is there a tool out there that helps discover what Explorer is
griping about when it says "this page contains both secure and nonsecure
items..."?



On Mon, Feb 21, 2011 at 12:08 AM, Jason Galea <lists at eightdegrees.com.au>wr=
ote:

> you're not using a non-ssl cdn for your javascript libraries? (had me
> searching once..)
>
> On Mon, Feb 21, 2011 at 1:32 PM, will trillich
> <will.trillich at serensoft.com> wrote:
> > Catalyst::Plugin::Session::State::Cookie shows how to make a secure
> cookie,
> > which is great when you're rolling cookies by hand in your code.
> > But how do you set a secure cookie in the context of a myapp.conf setup?
> > <session>
> >     flash_to_stash =3D 1
> >     dbic_class     =3D MyApp::Session
> >     expires        =3D 3600
> >     cookie_secure =3D 1 # just kidding
> > </session>
> > That's not doing the trick. Which doc reveals the right mojo?
> > =3D=3D=3D
> > This is in pursuit of stopping the Explorer error "This page contains
> both
> > secure and nonsecure items..." Other than the doctype and the <html
> > xmlns=3D""> attribute, we can't find any http:// references, even looki=
ng
> in
> > css @import and url() ... so the next culprit seems to be the nonsecure
> > cookie. Other guidance is more than welcome!
> >
> > --
> > The first step towards getting somewhere is to decide that you are not
> going
> > to stay where you are.  -- J.P.Morgan
> >
> > _______________________________________________
> > List: Catalyst at lists.scsys.co.uk
> > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> > Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> > Dev site: http://dev.catalyst.perl.org/
> >
> >
>
>
>
> --
> Jason Galea
> Web Developer
>
> Ph 07 40556926
> Mob 04 12345 534
> www.eightdegrees.com.au
>
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>



-- =

The first step towards getting somewhere is to decide that you are not going
to stay where you are.  -- J.P.Morgan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20110221/d3ed5=
bbb/attachment.htm


More information about the Catalyst mailing list