From 154da11c5bb4b7dc5c225f4fa018852ee45cc6eb Mon Sep 17 00:00:00 2001 From: Robin Sowell Date: Fri, 11 Feb 2011 15:33:44 -0500 Subject: Doy- forget the session cookie function! Added secure cookie config check there too. --- system/libraries/Security.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'system/libraries') diff --git a/system/libraries/Security.php b/system/libraries/Security.php index 018001ac8..a73b8e1f7 100644 --- a/system/libraries/Security.php +++ b/system/libraries/Security.php @@ -112,8 +112,9 @@ class CI_Security { function csrf_set_cookie() { $expire = time() + $this->csrf_expire; + $secure_cookie = (config_item('cookie_secure') === TRUE) ? 1 : 0; - setcookie($this->csrf_cookie_name, $this->csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), 0); + setcookie($this->csrf_cookie_name, $this->csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie); log_message('debug', "CRSF cookie Set"); } -- cgit v1.2.3-24-g4f1b