diff options
| author | robin <robin@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2008-09-18 12:05:15 +0000 |
|---|---|---|
| committer | robin <robin@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2008-09-18 12:05:15 +0000 |
| commit | a64971f6a104f4733e93cec952f18ff8ee33365f (patch) | |
| tree | 79b1cd83be9c821c68075efc1467a464aad3836d /roundcubemail/program/include/rcmail.php | |
| parent | 3e84a7943be101168f43787baed08c8a589dda61 (diff) | |
Secure the other cookie, too.
git-svn-id: https://svn.roundcube.net/trunk@1824 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/program/include/rcmail.php')
| -rw-r--r-- | roundcubemail/program/include/rcmail.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/roundcubemail/program/include/rcmail.php b/roundcubemail/program/include/rcmail.php index 1e4e24b2d..589adf58a 100644 --- a/roundcubemail/program/include/rcmail.php +++ b/roundcubemail/program/include/rcmail.php @@ -728,7 +728,8 @@ class rcmail if (!$valid || ($_SERVER['REQUEST_METHOD']!='POST' && $now - $_SESSION['auth_time'] > 300)) { $_SESSION['last_auth'] = $_SESSION['auth_time']; $_SESSION['auth_time'] = $now; - setcookie('sessauth', $this->get_auth_hash(session_id(), $now)); + setcookie('sessauth', $this->get_auth_hash(session_id(), $now), '/', + $_SERVER['HTTPS'] && ($_SERVER['HTTPS']!='off')); } } else { |