sessions: use is_server_https() for secure cookie setting
This commit is contained in:
parent
2cdef24888
commit
1b5b1e5fec
|
@ -12,7 +12,7 @@
|
||||||
$session_expire = min(2147483647 - time() - 1, max(SESSION_COOKIE_LIFETIME, 86400));
|
$session_expire = min(2147483647 - time() - 1, max(SESSION_COOKIE_LIFETIME, 86400));
|
||||||
$session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
|
$session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
|
||||||
|
|
||||||
if ((!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) || @$_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
|
if (is_server_https()) {
|
||||||
$session_name .= "_ssl";
|
$session_name .= "_ssl";
|
||||||
ini_set("session.cookie_secure", true);
|
ini_set("session.cookie_secure", true);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue