From d6d9f454b6939d1e6f1c9687f4e08d89690f79ff Mon Sep 17 00:00:00 2001
From: Robin Sowell <robin.sowell@ellislab.com>
Date: Fri, 11 Feb 2011 15:31:27 -0500
Subject: Adding config option to require 'secure' setting for all cookies-
 requires https.

---
 application/config/config.php | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'application/config')

diff --git a/application/config/config.php b/application/config/config.php
index 2a084ac22..26b31e309 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -255,11 +255,13 @@ $config['sess_time_to_update']	= 300;
 | 'cookie_prefix' = Set a prefix if you need to avoid collisions
 | 'cookie_domain' = Set to .your-domain.com for site-wide cookies
 | 'cookie_path'   =  Typically will be a forward slash
+| 'cookie_secure' =  Cookies will only be set if a secure HTTPS connection exists.
 |
 */
 $config['cookie_prefix']	= "";
 $config['cookie_domain']	= "";
 $config['cookie_path']		= "/";
+$config['cookie_secure']	= FALSE;
 
 /*
 |--------------------------------------------------------------------------
-- 
cgit v1.2.3-24-g4f1b