Bind cookie gotten over HTTPS to HTTPS only (#1485336).

16 years ago · d0b973cf6a
parent cc0d55cbcb
commit d0b973cf6a
1 changed files with 2 additions and 1 deletions
--- a/program/include/session.inc
+++ b/program/include/session.inc
@ -184,7 +184,8 @@ function rcube_sess_regenerate_id()
  $lifetime = $cookie['lifetime'] ? time() + $cookie['lifetime'] : 0;

  setcookie(session_name(), '', time() - 3600);
-  setcookie(session_name(), $random, $lifetime, $cookie['path'], $cookie['domain']);
+  setcookie(session_name(), $random, $lifetime, $cookie['path'], $cookie['domain'],
+            $_SERVER['HTTPS'] && ($_SERVER['HTTPS']!='off'));

  return true;
 }