Adding config option to require 'secure' setting for all cookies- requires https.
diff --git a/system/core/Input.php b/system/core/Input.php
index 1157601..c2db94d 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -225,8 +225,10 @@
$expire = 0;
}
}
+
+ $secure_cookie = (config_item('cookie_secure') === TRUE) ? 1 : 0;
- setcookie($prefix.$name, $value, $expire, $path, $domain, 0);
+ setcookie($prefix.$name, $value, $expire, $path, $domain, $secure_cookie);
}
// --------------------------------------------------------------------
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index 53ff4f5..0b94340 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -658,6 +658,8 @@
}
$expire = ($this->sess_expire_on_close === TRUE) ? 0 : $this->sess_expiration + time();
+
+ $secure_cookie = (config_item('cookie_secure') === TRUE) ? 1 : 0;
// Set the cookie
setcookie(
@@ -666,7 +668,7 @@
$expire,
$this->cookie_path,
$this->cookie_domain,
- 0
+ $secure_cookie
);
}