svncommit
2008-09-18 d0b973cf6aed4a7cb705f706624d25b31d19ed52
Bind cookie gotten over HTTPS to HTTPS only (#1485336).


1 files modified
3 ■■■■ changed files
program/include/session.inc 3 ●●●● patch | view | raw | blame | history
program/include/session.inc
@@ -184,7 +184,8 @@
  $lifetime = $cookie['lifetime'] ? time() + $cookie['lifetime'] : 0;
  setcookie(session_name(), '', time() - 3600);
  setcookie(session_name(), $random, $lifetime, $cookie['path'], $cookie['domain']);
  setcookie(session_name(), $random, $lifetime, $cookie['path'], $cookie['domain'],
            $_SERVER['HTTPS'] && ($_SERVER['HTTPS']!='off'));
  return true;
}