Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / 19cd88799f27bef8d502250c86eddcd72789bdb3^! / . / system / libraries / Session / drivers / Session_native.php
commit19cd88799f27bef8d502250c86eddcd72789bdb3[log] [tgz]
authorGDmac <grdalenoort@gmail.com>Tue Oct 16 14:19:57 2012 +0200
committerGDmac <grdalenoort@gmail.com>Tue Oct 16 14:27:54 2012 +0200
tree873ff639a9c9d7d86620c56f4afff57cc3c3d08f
parent2220fbe70503dd6d7ff9b2a57b84685955e815ab [diff] [blame]
Session Native, respect cookie settings

Respect config settings for cookie_secure and cookie_httponly

Signed-off-by: GDmac <grdalenoort@gmail.com>

diff --git a/system/libraries/Session/drivers/Session_native.php b/system/libraries/Session/drivers/Session_native.php
index 6529d4c..d7b9e84 100755
--- a/system/libraries/Session/drivers/Session_native.php
+++ b/system/libraries/Session/drivers/Session_native.php

@@ -55,7 +55,9 @@
 			'sess_time_to_update',
 			'cookie_prefix',
 			'cookie_path',
-			'cookie_domain'
+			'cookie_domain',
+			'cookie_secure',
+			'cookie_httponly'
 		);
 
 		foreach ($prefs as $key)
@@ -82,6 +84,9 @@
 		$expire = 7200;
 		$path = '/';
 		$domain = '';
+		$secure = FALSE;
+		$http_only = FALSE;
+
 		if ($config['sess_expiration'] !== FALSE)
 		{
 			// Default to 2 years if expiration is "0"
@@ -99,7 +104,20 @@
 			// Use specified domain
 			$domain = $config['cookie_domain'];
 		}
-		session_set_cookie_params($config['sess_expire_on_close'] ? 0 : $expire, $path, $domain);
+
+		if ($config['cookie_secure'])
+		{
+			// Send over SSL / HTTPS only?
+			$secure = $config['cookie_secure'];
+		}
+
+		if ($config['cookie_httponly'])
+		{
+			// only available to HTTP(S)?
+			$http_only = $config['http_only'];
+		}
+
+		session_set_cookie_params($config['sess_expire_on_close'] ? 0 : $expire, $path, $domain, $secure, $http_only);
 
 		// Start session
 		session_start();
@@ -189,7 +207,7 @@
 		{
 			// Clear session cookie
 			$params = session_get_cookie_params();
-			setcookie($name, '', time() - 42000, $params['path'], $params['domain']);
+			setcookie($name, '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
 			unset($_COOKIE[$name]);
 		}
 		session_destroy();