From 22a0cf6251cff6bc3c872d27ee5a6921665c7394 Mon Sep 17 00:00:00 2001
From: Craig Andrews <candrews@integralblue.com>
Date: Tue, 26 Oct 2010 17:55:09 -0400
Subject: Set cookies with "secure" flag on SSL sites. Improves security.

---
 lib/util.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/util.php b/lib/util.php
index 6044fdd92..d50fa2081 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -326,7 +326,8 @@ function common_set_cookie($key, $value, $expiration=0)
                      $value,
                      $expiration,
                      $cookiepath,
-                     $server);
+                     $server,
+                     common_config('site', 'ssl')=='always');
 }
 
 define('REMEMBERME', 'rememberme');
-- 
cgit v1.2.3