Use secure HTTPS cookies

2006-08-30 09:13:50 +00:00 · 2006-08-30 09:13:50 +00:00 · 509a065caf
commit 509a065caf
parent 9041bda1a0
3 changed files with 10 additions and 2 deletions
--- a/docs/NEWS
+++ b/docs/NEWS
@ -3,6 +3,9 @@
 Version 1.1-beta4 ()
 ------------------------------------------------------------------------
    * Use seperate PHP session ID when using HTTPS login. Set 'secure'
      cookie parameters when using HTTPS. Thanks to lynoure!
    * Added possibility for templates to define the sidebars they use.
      The template specifies this via the $template_config array in
      the config.inc.php file of a template. It looks like this:
--- a/include/functions_config.inc.php
+++ b/include/functions_config.inc.php
@ -559,7 +559,8 @@ function serendipity_JSsetCookie($name, $value) {
 function serendipity_setCookie($name,$value) {
    global $serendipity;
-    setcookie("serendipity[$name]", $value, time()+60*60*24*30, $serendipity['serendipityHTTPPath']);
+    $secure = !empty($_SERVER['HTTPS']) ? true : false;
    setcookie("serendipity[$name]", $value, time()+60*60*24*30, $serendipity['serendipityHTTPPath'], $_SERVER['HTTP_HOST'], $secure);
    $_COOKIE[$name] = $value;
    $serendipity['COOKIE'][$name] = $value;
 }
@ -1860,7 +1861,7 @@ function &serendipity_loadThemeOptions(&$template_config) {
 function serendipity_hasPluginPermissions($plugin) {
    static $forbidden = null;
    global $serendipity;
-    
+
    if (empty($serendipity['authorid'])) {
        return true;
    }
--- a/serendipity_config.inc.php
+++ b/serendipity_config.inc.php
@ -9,6 +9,10 @@ if (defined('S9Y_FRAMEWORK')) {
@define('S9Y_FRAMEWORK', true);
 if (!headers_sent()) {
    if (!empty($_SERVER['HTTPS'])) {
        @ini_set('session.name', 'SSLSID');
        @ini_set('session.cookie_secure', '1');
    }
    session_start();
 }