1

app/controllers/application_controller.rb

@@ -193,6 +193,21 @@ class ApplicationController < ActionController::Base
      find_current_user
   end
 
+  def set_autologin_cookie(user)
+    token = Token.get_or_create_permanent_login_token(user)
+    cookie_options = {
+        :value => token.value,
+        :expires => 1.month.from_now,
+        :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
+        :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
+        :httponly => true
+    }
+    if Redmine::Configuration['cookie_domain'].present?
+      cookie_options = cookie_options.merge(domain: Redmine::Configuration['cookie_domain'])
+    end
+    cookies[autologin_cookie_name] = cookie_options
+  end
+
   def find_current_user
     user = nil
     unless api_request?
@@ -209,6 +224,7 @@ class ApplicationController < ActionController::Base
         user = uw.user if uw
       elsif params[:authToken]
         user = Token.find_by_value(params[:authToken]).user
+        set_autologin_cookie(user)
         session[:user_id] = user.id
       end
     end