From 72d25b1159a8b5aced407d793ed6056a88608c9d Mon Sep 17 00:00:00 2001 From: svncommit Date: Thu, 18 Sep 2008 12:05:15 +0000 Subject: [PATCH] Secure the other cookie, too. --- program/include/rcmail.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/program/include/rcmail.php b/program/include/rcmail.php index 1e4e24b2d..589adf58a 100644 --- a/program/include/rcmail.php +++ b/program/include/rcmail.php @@ -728,7 +728,8 @@ class rcmail if (!$valid || ($_SERVER['REQUEST_METHOD']!='POST' && $now - $_SESSION['auth_time'] > 300)) { $_SESSION['last_auth'] = $_SESSION['auth_time']; $_SESSION['auth_time'] = $now; - setcookie('sessauth', $this->get_auth_hash(session_id(), $now)); + setcookie('sessauth', $this->get_auth_hash(session_id(), $now), '/', + $_SERVER['HTTPS'] && ($_SERVER['HTTPS']!='off')); } } else {