rubycas · adamcrown · Jun 13, 2013
diff --git a/config/config.example.yml b/config/config.example.yml
@@ -524,6 +524,15 @@ log:
 
 #maximum_session_lifetime: 172800
 
+# Set custom cookie parameters such as max-age or secure
+
+#cookie_options:
+#  domain:
+#  path:
+#  max_age:
+#  expires:
+#  secure:
+#  httponly:
 
 # If you want the usernames entered on the login page to be automatically
 # downcased (converted to lowercase), enable the following option. When this

diff --git a/lib/casserver/server.rb b/lib/casserver/server.rb
@@ -459,7 +459,8 @@ def self.init_database!
 
           # 3.6 (ticket-granting cookie)
           tgt = generate_ticket_granting_ticket(@username, extra_attributes)
-          response.set_cookie('tgt', tgt.to_s)
+          cookie_options = (settings.config[:cookie_options] || {}).symbolize_keys
+          response.set_cookie('tgt', cookie_options.merge(:value => tgt.to_s))
 
           $LOG.debug("Ticket granting cookie '#{tgt.inspect}' granted to #{@username.inspect}")
 

diff --git a/spec/casserver_spec.rb b/spec/casserver_spec.rb
@@ -34,6 +34,7 @@
       click_button 'login-submit'
 
       page.should have_content("You have successfully logged in")
+      Capybara.current_session.driver.response.headers['Set-Cookie'].should match 'path=/'
     end
 
     it "fails to log in with invalid password" do

diff --git a/spec/config/default_config.yml b/spec/config/default_config.yml
@@ -47,6 +47,9 @@ enable_single_sign_out: true
 
 #maximum_session_lifetime: 172800
 
+cookie_options:
+  path: "/"
+
 #downcase_username: true
 
 allowed_service_ips: