[Catalyst] Making secure session cookies (or, how do we make
Explorer stop complaining about nonsecure content on a secure page?)
will trillich
will.trillich at serensoft.com
Mon Feb 21 14:11:06 GMT 2011
That's a neat trick -- hadn't heard of that one before. But the javascript
isn't our "nonsecure-items" problem.
2011/2/21 Oroszi, R=F3bert <robert at oroszi.net>
> if you're using non-ssl javascript cdn you should embed javascript ( or c=
ss
> ) like this:
>
> <script type=3D"text/javascript" src=3D"//code.jquery.com/jquery-latest.m=
in.js
> "></script>
>
> "//" - its a protocolless javascript embedding technique :)
>
> good luck :)
>
> ps: it works with images, css, javascript too
>
> 2011/2/21 Jason Galea <lists at eightdegrees.com.au>
>
> you're not using a non-ssl cdn for your javascript libraries? (had me
>> searching once..)
>>
>> On Mon, Feb 21, 2011 at 1:32 PM, will trillich
>> <will.trillich at serensoft.com> wrote:
>> > Catalyst::Plugin::Session::State::Cookie shows how to make a secure
>> cookie,
>> > which is great when you're rolling cookies by hand in your code.
>> > But how do you set a secure cookie in the context of a myapp.conf setu=
p?
>> > <session>
>> > flash_to_stash =3D 1
>> > dbic_class =3D MyApp::Session
>> > expires =3D 3600
>> > cookie_secure =3D 1 # just kidding
>> > </session>
>> > That's not doing the trick. Which doc reveals the right mojo?
>> > =3D=3D=3D
>> > This is in pursuit of stopping the Explorer error "This page contains
>> both
>> > secure and nonsecure items..." Other than the doctype and the <html
>> > xmlns=3D""> attribute, we can't find any http:// references, even look=
ing
>> in
>> > css @import and url() ... so the next culprit seems to be the nonsecure
>> > cookie. Other guidance is more than welcome!
>> >
>> > --
>> > The first step towards getting somewhere is to decide that you are not
>> going
>> > to stay where you are. -- J.P.Morgan
>> >
>> > _______________________________________________
>> > List: Catalyst at lists.scsys.co.uk
>> > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>> > Searchable archive:
>> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
>> > Dev site: http://dev.catalyst.perl.org/
>> >
>> >
>>
>>
>>
>> --
>> Jason Galea
>> Web Developer
>>
>> Ph 07 40556926
>> Mob 04 12345 534
>> www.eightdegrees.com.au
>>
>> _______________________________________________
>> List: Catalyst at lists.scsys.co.uk
>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>> Searchable archive:
>> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
>> Dev site: http://dev.catalyst.perl.org/
>>
>
>
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>
>
-- =
The first step towards getting somewhere is to decide that you are not going
to stay where you are. -- J.P.Morgan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20110221/fcee3=
33a/attachment.htm
More information about the Catalyst
mailing list