Merge pull request #1814 from Ansuel/lua-interpreter

[project/luci.git] / modules / luci-base / luasrc / dispatcher.lua

diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua
index baaa95a..2c58b0a 100644 (file)
--- a/modules/luci-base/luasrc/dispatcher.lua
+++ b/modules/luci-base/luasrc/dispatcher.lua
@@ -358,7 +358,7 @@ function dispatch(request)
                        elseif key == "REQUEST_URI" then
                                return build_url(unpack(ctx.requestpath))
                        elseif key == "FULL_REQUEST_URI" then
-                               local url = { http.getenv("SCRIPT_NAME"), http.getenv("PATH_INFO") }
+                               local url = { http.getenv("SCRIPT_NAME") or "" , http.getenv("PATH_INFO") }
                                local query = http.getenv("QUERY_STRING")
                                if query and #query > 0 then
                                        url[#url+1] = "?"
@@ -429,7 +429,9 @@ function dispatch(request)
                                return
                        end
 
-                       http.header("Set-Cookie", 'sysauth=%s; path=%s' %{ sid, build_url() })
+                       http.header("Set-Cookie", 'sysauth=%s; path=%s; HttpOnly%s' %{
+                               sid, build_url(), http.getenv("HTTPS") == "on" and "; secure" or ""
+                       })
                        http.redirect(build_url(unpack(ctx.requestpath)))
                end