Adding config option to require the 'secure' setting for all cookies; requires HTTPS.
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index 53ff4f5..0b94340 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -658,6 +658,8 @@
}
$expire = ($this->sess_expire_on_close === TRUE) ? 0 : $this->sess_expiration + time();
+
+ $secure_cookie = (config_item('cookie_secure') === TRUE) ? 1 : 0;
// Set the cookie
setcookie(
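Review bot: The strict `config_item('cookie_secure') === TRUE` test on the added line fails open: a config value of `1` or `'true'`, and presumably a missing key, all yield 0, so the session cookie is sent without the Secure flag and nothing signals the misconfiguration. A comment on this line would make the contract explicit, for example `// Only a boolean TRUE enables the Secure flag; any other value leaves it off`, and the option's config entry should say the same. The neighbouring arguments are read from properties (`$this->cookie_path`, `$this->cookie_domain`), so loading this value into a matching property would keep the call consistent. The enclosing method starts and ends outside the hunk.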
@@ -666,7 +668,7 @@
$expire,
$this->cookie_path,
$this->cookie_domain,
- 0
+ $secure_cookie
);
}
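Review bot: The `setcookie()` call still ends at the secure argument, so the session cookie is issued without HttpOnly and stays readable from page script even when `cookie_secure` is on. PHP's `setcookie()` accepts a seventh `httponly` parameter; adding it after `$secure_cookie`, as in `$secure_cookie, TRUE`, would cover that, ideally driven by its own config option. The commit message says all cookies, but only the session library's call is visible in this diff, so any other code path that sets cookies would need the same flag. The call's leading arguments and the enclosing method lie outside the hunk.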