elseif key == "REQUEST_URI" then
return build_url(unpack(ctx.requestpath))
elseif key == "FULL_REQUEST_URI" then
- local url = { http.getenv("SCRIPT_NAME"), http.getenv("PATH_INFO") }
+ local url = { http.getenv("SCRIPT_NAME") or "" , http.getenv("PATH_INFO") }
local query = http.getenv("QUERY_STRING")
if query and #query > 0 then
url[#url+1] = "?"
return
end
- http.header("Set-Cookie", 'sysauth=%s; path=%s' %{ sid, build_url() })
+ http.header("Set-Cookie", 'sysauth=%s; path=%s; HttpOnly%s' %{
+ sid, build_url(), http.getenv("HTTPS") == "on" and "; secure" or ""
+ })
http.redirect(build_url(unpack(ctx.requestpath)))
end