Bind cookie gotten over HTTPS to HTTPS only (#1485336).

git-svn-id: https://svn.roundcube.net/trunk@1823 208e9e7b-5314-0410-a742-e7e81cd9613c

1 files changed, 2 insertions, 1 deletions

diff --git a/roundcubemail/program/include/session.inc b/roundcubemail/program/include/session.inc
index 603f384bb..ad66f0c40 100644
--- a/roundcubemail/program/include/session.inc
+++ b/roundcubemail/program/include/session.inc
@@ -184,7 +184,8 @@ function rcube_sess_regenerate_id()
   $lifetime = $cookie['lifetime'] ? time() + $cookie['lifetime'] : 0;
 
   setcookie(session_name(), '', time() - 3600);
-  setcookie(session_name(), $random, $lifetime, $cookie['path'], $cookie['domain']);
+  setcookie(session_name(), $random, $lifetime, $cookie['path'], $cookie['domain'],
+            $_SERVER['HTTPS'] && ($_SERVER['HTTPS']!='off'));
 
   return true;
 }