From d6d9f454b6939d1e6f1c9687f4e08d89690f79ff Mon Sep 17 00:00:00 2001
From: Robin Sowell <robin.sowell@ellislab.com>
Date: Fri, 11 Feb 2011 15:31:27 -0500
Subject: Adding config option to require 'secure' setting for all cookies-
 requires https.

---
 system/libraries/Session.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'system/libraries/Session.php')

diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index 53ff4f5d3..0b94340d5 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -658,6 +658,8 @@ class CI_Session {
 		}
 
 		$expire = ($this->sess_expire_on_close === TRUE) ? 0 : $this->sess_expiration + time();
+		
+		$secure_cookie = (config_item('cookie_secure') === TRUE) ? 1 : 0;
 
 		// Set the cookie
 		setcookie(
@@ -666,7 +668,7 @@ class CI_Session {
 					$expire,
 					$this->cookie_path,
 					$this->cookie_domain,
-					0
+					$secure_cookie
 				);
 	}
 
-- 
cgit v1.2.3-24-g4f1b