Fixed: secure-cookie option is no longer set if $_SERVER['HTTPS'] is set but == "off"
authorDan
Sat, 17 Nov 2007 15:02:08 -0500
changeset 259 7fab1804a49e
parent 258 808281bfd200
child 260 661beb9b0fa3
Fixed: secure-cookie option is no longer set if $_SERVER['HTTPS'] is set but == "off"
includes/sessions.php
--- a/includes/sessions.php	Sat Nov 17 14:57:00 2007 -0500
+++ b/includes/sessions.php	Sat Nov 17 15:02:08 2007 -0500
@@ -863,7 +863,7 @@
     {
       // Stash it in a cookie
       // For now, make the cookie last forever, we can change this in 1.1.x
-      setcookie( 'sid', $session_key, time()+315360000, scriptPath.'/', null, ( isset($_SERVER['HTTPS']) ) );
+      setcookie( 'sid', $session_key, time()+315360000, scriptPath.'/', null, ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ) );
       $_COOKIE['sid'] = $session_key;
     }
     // $keyhash is stored in the database, this is for compatibility with the older DB structure