From 5dc2e19e15d48338f23a372e9d1998617733b4eb Mon Sep 17 00:00:00 2001 From: Pavan Kumar Reddy B Date: Fri, 10 Jul 2026 10:56:14 +0530 Subject: [PATCH 1/2] RDKB-65950 Fix HTTP login session cookie Secure flag handling --- jsts/jst_prefix.js | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/jsts/jst_prefix.js b/jsts/jst_prefix.js index 8f3a778..7a3eb81 100644 --- a/jsts/jst_prefix.js +++ b/jsts/jst_prefix.js @@ -89,6 +89,17 @@ var $_SERVER = new Proxy({}, { var $_SESSION = {}; var $_jst_session = null; var $_val_input = {}; + +function is_https_request() +{ + var https = getenv('HTTPS'); + if(https === false || https === undefined || https === null) + return false; + + var value = String(https).toLowerCase(); + return (value === 'on' || value === '1' || value === 'true'); +} + function session_start() { if($_jst_session) @@ -99,11 +110,10 @@ function session_start() return; } ccsp_session.start(); - var host = getenv('HTTPS'); - if (host == false) - var $cookie = "Set-Cookie: DUKSID=" + ccsp_session.getId() + "; httponly"; - else + if (is_https_request()) var $cookie = "Set-Cookie: DUKSID=" + ccsp_session.getId() + "; secure" + "; httponly"; + else + var $cookie = "Set-Cookie: DUKSID=" + ccsp_session.getId() + "; httponly"; header($cookie); $_jst_session = ccsp_session.getData(); $_SESSION = new Proxy($_jst_session, { @@ -127,11 +137,10 @@ function session_start() } function session_create(){ ccsp_session.create(); - var host = getenv('HTTPS'); - if (host == false) - var $cookie = "Set-Cookie: DUKSID=" + ccsp_session.getId() + "; httponly"; - else + if (is_https_request()) var $cookie = "Set-Cookie: DUKSID=" + ccsp_session.getId() + "; secure" + "; httponly"; + else + var $cookie = "Set-Cookie: DUKSID=" + ccsp_session.getId() + "; httponly"; header($cookie); $_jst_session = ccsp_session.getData(); $_SESSION = new Proxy($_jst_session, { From 60a316de6ec85a883cd696118f0c32d31dde50eb Mon Sep 17 00:00:00 2001 From: Pavan Kumar Reddy B Date: Fri, 10 Jul 2026 11:01:31 +0530 Subject: [PATCH 2/2] RDKB-65950 Align HTTPS cookie conditional indentation --- jsts/jst_prefix.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/jsts/jst_prefix.js b/jsts/jst_prefix.js index 7a3eb81..0cfde73 100644 --- a/jsts/jst_prefix.js +++ b/jsts/jst_prefix.js @@ -110,10 +110,10 @@ function session_start() return; } ccsp_session.start(); - if (is_https_request()) - var $cookie = "Set-Cookie: DUKSID=" + ccsp_session.getId() + "; secure" + "; httponly"; - else - var $cookie = "Set-Cookie: DUKSID=" + ccsp_session.getId() + "; httponly"; + if (is_https_request()) + var $cookie = "Set-Cookie: DUKSID=" + ccsp_session.getId() + "; secure" + "; httponly"; + else + var $cookie = "Set-Cookie: DUKSID=" + ccsp_session.getId() + "; httponly"; header($cookie); $_jst_session = ccsp_session.getData(); $_SESSION = new Proxy($_jst_session, {