Adding config option to require 'secure' setting for all cookies- requires https.

author: Robin Sowell <robin.sowell@ellislab.com> 2011-02-11 21:31:27 +0100
committer: Robin Sowell <robin.sowell@ellislab.com> 2011-02-11 21:31:27 +0100
commit: d6d9f454b6939d1e6f1c9687f4e08d89690f79ff (patch)
tree: 2fdd83293d5bf27308475b44e7d36c652175b1e0 /application/config
parent: a3e6224d8eeddce7b86c8fe122e84c91a570d882 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/application/config/config.php b/application/config/config.php
index 2a084ac22..26b31e309 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -255,11 +255,13 @@ $config['sess_time_to_update']	= 300;
 | 'cookie_prefix' = Set a prefix if you need to avoid collisions
 | 'cookie_domain' = Set to .your-domain.com for site-wide cookies
 | 'cookie_path'   =  Typically will be a forward slash
+| 'cookie_secure' =  Cookies will only be set if a secure HTTPS connection exists.
 |
 */
 $config['cookie_prefix']	= "";
 $config['cookie_domain']	= "";
 $config['cookie_path']		= "/";
+$config['cookie_secure']	= FALSE;
 
 /*
 |--------------------------------------------------------------------------
author	Robin Sowell <robin.sowell@ellislab.com>	2011-02-11 21:31:27 +0100
committer	Robin Sowell <robin.sowell@ellislab.com>	2011-02-11 21:31:27 +0100
commit	d6d9f454b6939d1e6f1c9687f4e08d89690f79ff (patch)
tree	2fdd83293d5bf27308475b44e7d36c652175b1e0 /application/config
parent	a3e6224d8eeddce7b86c8fe122e84c91a570d882 (diff)