diff options
author | Robin Sowell <robin.sowell@ellislab.com> | 2011-02-11 21:31:27 +0100 |
---|---|---|
committer | Robin Sowell <robin.sowell@ellislab.com> | 2011-02-11 21:31:27 +0100 |
commit | d6d9f454b6939d1e6f1c9687f4e08d89690f79ff (patch) | |
tree | 2fdd83293d5bf27308475b44e7d36c652175b1e0 /system | |
parent | a3e6224d8eeddce7b86c8fe122e84c91a570d882 (diff) |
Adding config option to require 'secure' setting for all cookies- requires https.
Diffstat (limited to 'system')
-rw-r--r-- | system/core/Input.php | 4 | ||||
-rw-r--r-- | system/libraries/Session.php | 4 |
2 files changed, 6 insertions, 2 deletions
diff --git a/system/core/Input.php b/system/core/Input.php index 1157601e1..c2db94d64 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -225,8 +225,10 @@ class CI_Input { $expire = 0; } } + + $secure_cookie = (config_item('cookie_secure') === TRUE) ? 1 : 0; - setcookie($prefix.$name, $value, $expire, $path, $domain, 0); + setcookie($prefix.$name, $value, $expire, $path, $domain, $secure_cookie); } // -------------------------------------------------------------------- diff --git a/system/libraries/Session.php b/system/libraries/Session.php index 53ff4f5d3..0b94340d5 100644 --- a/system/libraries/Session.php +++ b/system/libraries/Session.php @@ -658,6 +658,8 @@ class CI_Session { } $expire = ($this->sess_expire_on_close === TRUE) ? 0 : $this->sess_expiration + time(); + + $secure_cookie = (config_item('cookie_secure') === TRUE) ? 1 : 0; // Set the cookie setcookie( @@ -666,7 +668,7 @@ class CI_Session { $expire, $this->cookie_path, $this->cookie_domain, - 0 + $secure_cookie ); } |