From d0b973cf6aed4a7cb705f706624d25b31d19ed52 Mon Sep 17 00:00:00 2001
From: svncommit <devs@roundcube.net>
Date: Thu, 18 Sep 2008 07:54:14 -0400
Subject: [PATCH] Bind cookie gotten over HTTPS to HTTPS only (#1485336).

---
 program/include/session.inc |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/program/include/session.inc b/program/include/session.inc
index 603f384..ad66f0c 100644
--- a/program/include/session.inc
+++ b/program/include/session.inc
@@ -184,7 +184,8 @@
   $lifetime = $cookie['lifetime'] ? time() + $cookie['lifetime'] : 0;
 
   setcookie(session_name(), '', time() - 3600);
-  setcookie(session_name(), $random, $lifetime, $cookie['path'], $cookie['domain']);
+  setcookie(session_name(), $random, $lifetime, $cookie['path'], $cookie['domain'],
+            $_SERVER['HTTPS'] && ($_SERVER['HTTPS']!='off'));
 
   return true;
 }

--
Gitblit v1.9.1