Adding config option to require the 'secure' setting for all cookies (requires HTTPS).
diff --git a/application/config/config.php b/application/config/config.php
index 2a084ac..26b31e3 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -255,11 +255,13 @@
| 'cookie_prefix' = Set a prefix if you need to avoid collisions
| 'cookie_domain' = Set to .your-domain.com for site-wide cookies
| 'cookie_path' = Typically will be a forward slash
+| 'cookie_secure' = Cookies will only be set if a secure HTTPS connection exists.
|
*/
$config['cookie_prefix'] = "";
$config['cookie_domain'] = "";
$config['cookie_path'] = "/";
+$config['cookie_secure'] = FALSE;
/*
|--------------------------------------------------------------------------
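Review bot: The comment added for 'cookie_secure' says cookies will only be set if an HTTPS connection exists, but nothing in this commit checks the connection. The value is passed straight through as the secure argument of setcookie() in Input.php and Session.php, so with the option TRUE the Set-Cookie header is still emitted on a plain-HTTP request. The flag only tells the browser not to send the cookie back over HTTP. I would reword the line to `| 'cookie_secure' = Send cookies with the Secure flag; browsers return them only over HTTPS` and note that the site has to be served over HTTPS for sessions to keep working.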
diff --git a/system/core/Input.php b/system/core/Input.php
index 1157601..c2db94d 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -225,8 +225,10 @@
$expire = 0;
}
}
+
+ $secure_cookie = (config_item('cookie_secure') === TRUE) ? 1 : 0;
- setcookie($prefix.$name, $value, $expire, $path, $domain, 0);
+ setcookie($prefix.$name, $value, $expire, $path, $domain, $secure_cookie);
}
// --------------------------------------------------------------------
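Review bot: The strict test `config_item('cookie_secure') === TRUE` drops the Secure flag for every value except boolean TRUE, so a config of `1` or `'1'` silently leaves cookies unprotected. For a security setting a type mismatch should not fall back to the weaker behaviour; `$secure_cookie = (bool) config_item('cookie_secure');` would accept the usual truthy spellings. The same expression is repeated in the Session.php hunk and has the same problem. The enclosing function starts outside this hunk, so whether a caller can request the flag for a single cookie is not visible here.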
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index 53ff4f5..0b94340 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -658,6 +658,8 @@
}
$expire = ($this->sess_expire_on_close === TRUE) ? 0 : $this->sess_expiration + time();
+
+ $secure_cookie = (config_item('cookie_secure') === TRUE) ? 1 : 0;
// Set the cookie
setcookie(
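Review bot: `config_item('cookie_secure')` is read inline here, while the other settings in this method come from instance properties (`$this->sess_expire_on_close` and `$this->sess_expiration` on the line above, `$this->cookie_path` and `$this->cookie_domain` in the call that follows). Holding it in a `$this->cookie_secure` property filled in wherever those other properties are initialised would keep the class consistent and give it one place to normalise the value. That initialisation code is outside this hunk, so where it lives is an assumption to confirm.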
@@ -666,7 +668,7 @@
$expire,
$this->cookie_path,
$this->cookie_domain,
- 0
+ $secure_cookie
);
}
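Review bot: The session cookie is still issued without the HttpOnly attribute: the argument list ends at `$secure_cookie` and no seventh argument is passed to setcookie(). Secure covers the cookie in transit, but script running in the page can still read the session value. For this cookie I would pass `TRUE` as the httponly argument after `$secure_cookie`, provided the framework's minimum PHP version has that parameter (it was added in PHP 5.2). The opening arguments of the call sit between the two hunks and are not shown.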
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 39e6116..9f0e226 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -62,6 +62,11 @@
<h3>Bug Fixes for 2.0.1</h3>
<ul>
+ <li>General changes
+ <ul>
+ <li>Added <kbd>$config['cookie_secure']</kbd> to the config file to allow requiring a secure (HTTPS) in order to set cookies.</li>
+ </ul>
+ </li>
<li>Libraries
<ul>
<li>Fixed a bug where the table class would not clear table data after calling generate().</li>