From 1b5b1e5fec02c9158ea655dcc933380f4f464c99 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Mon, 17 Jul 2017 07:33:43 +0300 Subject: [PATCH] sessions: use is_server_https() for secure cookie setting --- include/sessions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/sessions.php b/include/sessions.php index 3d6e6e2c6..7ea9052bc 100644 --- a/include/sessions.php +++ b/include/sessions.php @@ -12,7 +12,7 @@ $session_expire = min(2147483647 - time() - 1, max(SESSION_COOKIE_LIFETIME, 86400)); $session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME; - if ((!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) || @$_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') { + if (is_server_https()) { $session_name .= "_ssl"; ini_set("session.cookie_secure", true); }