Add support for browser-session cookies, using a cookieTTL value of

"session".

docs/changelog/7.x.x.txt

@@ -10,6 +10,7 @@
  - fix: Spectre pings not using correct IP address
  - fix: search functionality throwing fatal errors
  - fix: DBI connect errors infinitely recurse
+ - add: setting cookieTTL to "session" now creates browser-session cookies
 
 7.0.7
  - rfe: Image Management (funded by Formation Design Systems)

lib/WebGUI/Config.pm

@@ -241,13 +241,16 @@ sub getCookieName {
 
 =head2 getCookieTTL ( ) 
 
-Returns the cookie time to live defined in the config file. Returns "10y" if one isn't defined.
+Returns the cookie time to live defined in the config file. Returns "+10y" if one isn't defined.
+This may also be "session" to indicate that the cookie should only live for the current browser
+session.
 
 =cut
 
 sub getCookieTTL {
 	my $self = shift;
-	return $self->get("cookieTTL") || "+10y";	
+	my $configTTL = $self->get("cookieTTL");
+	return defined($configTTL)? $configTTL : "+10y";
 }
 
 #-------------------------------------------------------------------

lib/WebGUI/Session/Http.pm

@@ -271,6 +271,7 @@ The value to set.
 =head3 timeToLive
 
 The time that the cookie should remain in the browser. Defaults to "+10y" (10 years from now).
+This may be "session" to indicate that the cookie is for the current browser session only.
 
 =head3 domain
 
@@ -291,9 +292,10 @@ sub setCookie {
 		my $cookie = Apache2::Cookie->new($self->session->request,
 			-name=>$name,
 			-value=>$value,
-			-expires=>$ttl,
 			-path=>'/'
 		);
+
+		$cookie->expires($ttl) if $ttl ne 'session';
 		$cookie->domain($domain) if ($domain);
 		$cookie->bake($self->session->request);
 	}