From 19cd88799f27bef8d502250c86eddcd72789bdb3 Mon Sep 17 00:00:00 2001
From: GDmac <grdalenoort@gmail.com>
Date: Tue, 16 Oct 2012 14:19:57 +0200
Subject: Session Native, respect cookie settings

Respect config settings for cookie_secure and cookie_httponly

Signed-off-by: GDmac <grdalenoort@gmail.com>
---
 .../libraries/Session/drivers/Session_native.php   | 24 +++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/system/libraries/Session/drivers/Session_native.php b/system/libraries/Session/drivers/Session_native.php
index 6529d4c36..d7b9e8410 100755
--- a/system/libraries/Session/drivers/Session_native.php
+++ b/system/libraries/Session/drivers/Session_native.php
@@ -55,7 +55,9 @@ class CI_Session_native extends CI_Session_driver {
 			'sess_time_to_update',
 			'cookie_prefix',
 			'cookie_path',
-			'cookie_domain'
+			'cookie_domain',
+			'cookie_secure',
+			'cookie_httponly'
 		);
 
 		foreach ($prefs as $key)
@@ -82,6 +84,9 @@ class CI_Session_native extends CI_Session_driver {
 		$expire = 7200;
 		$path = '/';
 		$domain = '';
+		$secure = FALSE;
+		$http_only = FALSE;
+
 		if ($config['sess_expiration'] !== FALSE)
 		{
 			// Default to 2 years if expiration is "0"
@@ -99,7 +104,20 @@ class CI_Session_native extends CI_Session_driver {
 			// Use specified domain
 			$domain = $config['cookie_domain'];
 		}
-		session_set_cookie_params($config['sess_expire_on_close'] ? 0 : $expire, $path, $domain);
+
+		if ($config['cookie_secure'])
+		{
+			// Send over SSL / HTTPS only?
+			$secure = $config['cookie_secure'];
+		}
+
+		if ($config['cookie_httponly'])
+		{
+			// only available to HTTP(S)?
+			$http_only = $config['http_only'];
+		}
+
+		session_set_cookie_params($config['sess_expire_on_close'] ? 0 : $expire, $path, $domain, $secure, $http_only);
 
 		// Start session
 		session_start();
@@ -189,7 +207,7 @@ class CI_Session_native extends CI_Session_driver {
 		{
 			// Clear session cookie
 			$params = session_get_cookie_params();
-			setcookie($name, '', time() - 42000, $params['path'], $params['domain']);
+			setcookie($name, '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
 			unset($_COOKIE[$name]);
 		}
 		session_destroy();
-- 
cgit v1.2.3-24-g4f1b


From 28616da32bcf72f37c0e61e304a1799b90ceec3f Mon Sep 17 00:00:00 2001
From: GDmac <grdalenoort@gmail.com>
Date: Tue, 16 Oct 2012 15:01:14 +0200
Subject: Native PHP Session, don't regenerate session_id during ajax

Signed-off-by: GDmac <grdalenoort@gmail.com>
---
 system/libraries/Session/drivers/Session_native.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/system/libraries/Session/drivers/Session_native.php b/system/libraries/Session/drivers/Session_native.php
index d7b9e8410..fb3b638a0 100755
--- a/system/libraries/Session/drivers/Session_native.php
+++ b/system/libraries/Session/drivers/Session_native.php
@@ -155,8 +155,12 @@ class CI_Session_native extends CI_Session_driver {
 		if ($config['sess_time_to_update'] && isset($_SESSION['last_activity'])
 			&& ($_SESSION['last_activity'] + $config['sess_time_to_update']) < $now)
 		{
-			// Regenerate ID, but don't destroy session
-			$this->sess_regenerate(FALSE);
+			// Changing the session ID amidst a series of AJAX calls causes problems
+			if( ! $this->CI->input->is_ajax_request())
+			{
+				// Regenerate ID, but don't destroy session
+				$this->sess_regenerate(FALSE);
+			}
 		}
 
 		// Set activity time
-- 
cgit v1.2.3-24-g4f1b


From ff5ffdf7fa3b458510a95788ac3baa6fba3178cc Mon Sep 17 00:00:00 2001
From: GDmac <grdalenoort@gmail.com>
Date: Tue, 16 Oct 2012 19:22:12 +0200
Subject: session native, fix cookie settings

Signed-off-by: GDmac <grdalenoort@gmail.com>
---
 system/libraries/Session/drivers/Session_native.php | 16 ++--------------
 1 file changed, 2 insertions(+), 14 deletions(-)

diff --git a/system/libraries/Session/drivers/Session_native.php b/system/libraries/Session/drivers/Session_native.php
index fb3b638a0..da744f39b 100755
--- a/system/libraries/Session/drivers/Session_native.php
+++ b/system/libraries/Session/drivers/Session_native.php
@@ -84,8 +84,8 @@ class CI_Session_native extends CI_Session_driver {
 		$expire = 7200;
 		$path = '/';
 		$domain = '';
-		$secure = FALSE;
-		$http_only = FALSE;
+		$secure = (bool) $config['cookie_secure'];
+		$http_only = (bool) $config['cookie_httponly'];
 
 		if ($config['sess_expiration'] !== FALSE)
 		{
@@ -105,18 +105,6 @@ class CI_Session_native extends CI_Session_driver {
 			$domain = $config['cookie_domain'];
 		}
 
-		if ($config['cookie_secure'])
-		{
-			// Send over SSL / HTTPS only?
-			$secure = $config['cookie_secure'];
-		}
-
-		if ($config['cookie_httponly'])
-		{
-			// only available to HTTP(S)?
-			$http_only = $config['http_only'];
-		}
-
 		session_set_cookie_params($config['sess_expire_on_close'] ? 0 : $expire, $path, $domain, $secure, $http_only);
 
 		// Start session
-- 
cgit v1.2.3-24-g4f1b