From 3e0b42573e83e2763f9f4cf6ac4790b0ad8514c3 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Sat, 21 Aug 2010 14:06:30 -0700
Subject: Set the "secure" bit on cookies if we're using HTTPS.  Fixes ticket
 #1217.

---
 modules/gallery/config/cookie.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'modules')

diff --git a/modules/gallery/config/cookie.php b/modules/gallery/config/cookie.php
index ded3bdaa..7f6ea265 100644
--- a/modules/gallery/config/cookie.php
+++ b/modules/gallery/config/cookie.php
@@ -37,10 +37,9 @@ $config['path'] = '/';
 $config['expire'] = 0;
 
 /**
- * Enable this option to only allow the cookie to be read when using the a
- * secure protocol.
+ * Set the secure bit on the cookie if we're using HTTPS.
  */
-$config['secure'] = false;
+$config['secure'] = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on';
 
 /**
  * Enable this option to disable the cookie from being accessed when using a
-- 
cgit v1.2.3