Set cookies with "secure" flag on SSL sites. Improves security.testing

author: Craig Andrews <candrews@integralblue.com> 2010-10-26 17:55:09 -0400
committer: Craig Andrews <candrews@integralblue.com> 2010-10-26 17:55:09 -0400
commit: 22a0cf6251cff6bc3c872d27ee5a6921665c7394 (patch)
tree: 9a580a5c12b26fd3aebbd8c36ec092ad8ce9f611
parent: b3cd558fe777e2e2460eaff44a85a58a846fab60 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/util.php b/lib/util.php
index 6044fdd92..d50fa2081 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -326,7 +326,8 @@ function common_set_cookie($key, $value, $expiration=0)
                      $value,
                      $expiration,
                      $cookiepath,
-                     $server);
+                     $server,
+                     common_config('site', 'ssl')=='always');
 }
 
 define('REMEMBERME', 'rememberme');
author	Craig Andrews <candrews@integralblue.com>	2010-10-26 17:55:09 -0400
committer	Craig Andrews <candrews@integralblue.com>	2010-10-26 17:55:09 -0400
commit	22a0cf6251cff6bc3c872d27ee5a6921665c7394 (patch)
tree	9a580a5c12b26fd3aebbd8c36ec092ad8ce9f611
parent	b3cd558fe777e2e2460eaff44a85a58a846fab60 (diff)