From 72d25b1159a8b5aced407d793ed6056a88608c9d Mon Sep 17 00:00:00 2001
From: svncommit <devs@roundcube.net>
Date: Thu, 18 Sep 2008 08:05:15 -0400
Subject: [PATCH] Secure the other cookie, too.

---
 program/include/rcmail.php |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index 1e4e24b..589adf5 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -728,7 +728,8 @@
       if (!$valid || ($_SERVER['REQUEST_METHOD']!='POST' && $now - $_SESSION['auth_time'] > 300)) {
         $_SESSION['last_auth'] = $_SESSION['auth_time'];
         $_SESSION['auth_time'] = $now;
-        setcookie('sessauth', $this->get_auth_hash(session_id(), $now));
+        setcookie('sessauth', $this->get_auth_hash(session_id(), $now), '/',
+                  $_SERVER['HTTPS'] && ($_SERVER['HTTPS']!='off'));
       }
     }
     else {

--
Gitblit v1.9.1