Use secure HTTPS cookies

docs/NEWS

@@ -3,6 +3,9 @@
 Version 1.1-beta4 ()
 ------------------------------------------------------------------------
 
+    * Use seperate PHP session ID when using HTTPS login. Set 'secure'
+      cookie parameters when using HTTPS. Thanks to lynoure!
+
     * Added possibility for templates to define the sidebars they use.
       The template specifies this via the $template_config array in
       the config.inc.php file of a template. It looks like this:

include/functions_config.inc.php

@@ -559,7 +559,8 @@ function serendipity_JSsetCookie($name, $value) {
 function serendipity_setCookie($name,$value) {
     global $serendipity;
 
-    setcookie("serendipity[$name]", $value, time()+60*60*24*30, $serendipity['serendipityHTTPPath']);
+    $secure = !empty($_SERVER['HTTPS']) ? true : false;
+    setcookie("serendipity[$name]", $value, time()+60*60*24*30, $serendipity['serendipityHTTPPath'], $_SERVER['HTTP_HOST'], $secure);
     $_COOKIE[$name] = $value;
     $serendipity['COOKIE'][$name] = $value;
 }
@@ -1860,7 +1861,7 @@ function &serendipity_loadThemeOptions(&$template_config) {
 function serendipity_hasPluginPermissions($plugin) {
     static $forbidden = null;
     global $serendipity;
-    
+
     if (empty($serendipity['authorid'])) {
         return true;
     }

serendipity_config.inc.php

@@ -9,6 +9,10 @@ if (defined('S9Y_FRAMEWORK')) {
 @define('S9Y_FRAMEWORK', true);
 
 if (!headers_sent()) {
+    if (!empty($_SERVER['HTTPS'])) {
+        @ini_set('session.name', 'SSLSID');
+        @ini_set('session.cookie_secure', '1');
+    }
     session_start();
 }