From f1fb52e23aaa509bad7f87f2b167ed400de33c05 Mon Sep 17 00:00:00 2001
From: Ben Adida <ben@adida.net>
Date: Fri, 5 Aug 2011 14:45:06 -0700
Subject: [PATCH] reenabled ssl cookies and told connect-cookie-session that
 proxySecure is true, really

---
 browserid/app.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/browserid/app.js b/browserid/app.js
index 3c55d9f47..8e3fceb00 100644
--- a/browserid/app.js
+++ b/browserid/app.js
@@ -133,12 +133,18 @@ exports.setup = function(server) {
         path: '/',
         httpOnly: true,
         maxAge: 14400000,
-        //secure: overSSL
+        secure: overSSL
       }
   });
 
   // cookie sessions
   server.use(function(req, resp, next) {
+    // we set this parameter so the connect-cookie-session
+    // sends the cookie even though the local connection is HTTP
+    // (the load balancer does SSL)
+    if (overSSL)
+      req.connection.proxySecure = true;
+
     try {
       cookieSessionMiddleware(req, resp, next);
     } catch(e) {
-- 
GitLab